1*5e748b67Stobhe# $OpenBSD: crt.in,v 1.3 2021/12/21 13:50:35 tobhe Exp $ 2ea5872ecStobhe 3ea5872ecStobhe[ req ] 4ea5872ecStobhedefault_bits = 2048 # default strength of client certificates 5ea5872ecStobhedefault_md = sha2 6ea5872ecStobheencrypt_key = yes # "no" is equivalent to -nodes 7ea5872ecStobheprompt = no 8ea5872ecStobhestring_mask = utf8only 9ea5872ecStobhedistinguished_name = dn # root certificate name 10ea5872ecStobhereq_extensions = req_cert_extensions 11ea5872ecStobhe 12ea5872ecStobhe[dn] 13ea5872ecStobheC=DE 14ea5872ecStobheST=Bavaria 15ea5872ecStobheL=Munich 16ea5872ecStobheO=iked 17ea5872ecStobheCN=${ENV::ALTNAME} 18ea5872ecStobhe 19ea5872ecStobhe[ req_cert_extensions ] 202a9551c7StobhesubjectAltName = @alt_names #;otherName = ${ENV::ALTNAME}-other 212a9551c7Stobhe 22*5e748b67Stobhe[ v3_intermediate_ca ] 23*5e748b67StobhebasicConstraints = critical, CA:true, pathlen:0 24*5e748b67Stobhe 252a9551c7Stobhe[ alt_names ] 262a9551c7StobheDNS.1=${ENV::ALTNAME} 272a9551c7StobheDNS.2=${ENV::ALTNAME}-alternative 282a9551c7Stobheemail= ${ENV::ALTNAME}@openbsd.org 29