Lines 1-6
|
1 |
# For use with Easy-RSA 3.0 and OpenSSL 1.0.* |
1 |
# For use with Easy-RSA 3.0 and OpenSSL 1.0.* |
|
|
2 |
EASYRSA="/root/easy-rsa-example" |
3 |
EASYRSA_PKI="$EASYRSA/pki" |
4 |
EASYRSA_CERT_EXPIRE="3650" |
5 |
EASYRSA_CRL_DAYS="180" |
6 |
EASYRSA_DIGEST="sha256" |
7 |
EASYRSA_KEY_SIZE="2048" |
8 |
EASYRSA_DN="cn_only" # use only CN |
9 |
# EASYRSA_DN="org" # use the "traditional" Country/Province/City/Org/OU/email/CN format |
10 |
EASYRSA_REQ_CN="" |
11 |
EASYRSA_REQ_COUNTRY="US" |
12 |
EASYRSA_REQ_PROVINCE="California" |
13 |
EASYRSA_REQ_CITY="San Francisco" |
14 |
EASYRSA_REQ_ORG="Copyleft Certificate Co"" |
15 |
EASYRSA_REQ_OU="My Organizational Unit" |
16 |
EASYRSA_REQ_EMAIL="me@example.net" |
2 |
|
17 |
|
3 |
RANDFILE = $ENV::EASYRSA_PKI/.rnd |
18 |
|
|
|
19 |
|
20 |
RANDFILE = $EASYRSA_PKI/.rnd |
4 |
|
21 |
|
5 |
#################################################################### |
22 |
#################################################################### |
6 |
[ ca ] |
23 |
[ ca ] |
Lines 9-15
|
9 |
#################################################################### |
26 |
#################################################################### |
10 |
[ CA_default ] |
27 |
[ CA_default ] |
11 |
|
28 |
|
12 |
dir = $ENV::EASYRSA_PKI # Where everything is kept |
29 |
dir = $EASYRSA_PKI # Where everything is kept |
13 |
certs = $dir # Where the issued certs are kept |
30 |
certs = $dir # Where the issued certs are kept |
14 |
crl_dir = $dir # Where the issued crl are kept |
31 |
crl_dir = $dir # Where the issued crl are kept |
15 |
database = $dir/index.txt # database index file. |
32 |
database = $dir/index.txt # database index file. |
Lines 27-35
|
27 |
# is designed for will. In return, we get the Issuer attached to CRLs. |
44 |
# is designed for will. In return, we get the Issuer attached to CRLs. |
28 |
crl_extensions = crl_ext |
45 |
crl_extensions = crl_ext |
29 |
|
46 |
|
30 |
default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for |
47 |
default_days = $EASYRSA_CERT_EXPIRE # how long to certify for |
31 |
default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL |
48 |
default_crl_days= $EASYRSA_CRL_DAYS # how long before next CRL |
32 |
default_md = $ENV::EASYRSA_DIGEST # use public key default MD |
49 |
default_md = $EASYRSA_DIGEST # use public key default MD |
33 |
preserve = no # keep passed DN ordering |
50 |
preserve = no # keep passed DN ordering |
34 |
|
51 |
|
35 |
# A few difference way of specifying how similar the request should look |
52 |
# A few difference way of specifying how similar the request should look |
Lines 52-61
|
52 |
# Easy-RSA request handling |
69 |
# Easy-RSA request handling |
53 |
# We key off $DN_MODE to determine how to format the DN |
70 |
# We key off $DN_MODE to determine how to format the DN |
54 |
[ req ] |
71 |
[ req ] |
55 |
default_bits = $ENV::EASYRSA_KEY_SIZE |
72 |
default_bits = $EASYRSA_KEY_SIZE |
56 |
default_keyfile = privkey.pem |
73 |
default_keyfile = privkey.pem |
57 |
default_md = $ENV::EASYRSA_DIGEST |
74 |
default_md = $EASYRSA_DIGEST |
58 |
distinguished_name = $ENV::EASYRSA_DN |
75 |
distinguished_name = $EASYRSA_DN |
59 |
x509_extensions = easyrsa_ca # The extentions to add to the self signed cert |
76 |
x509_extensions = easyrsa_ca # The extentions to add to the self signed cert |
60 |
|
77 |
|
61 |
# A placeholder to handle the $EXTRA_EXTS feature: |
78 |
# A placeholder to handle the $EXTRA_EXTS feature: |
Lines 68-100
|
68 |
[ cn_only ] |
85 |
[ cn_only ] |
69 |
commonName = Common Name (eg: your user, host, or server name) |
86 |
commonName = Common Name (eg: your user, host, or server name) |
70 |
commonName_max = 64 |
87 |
commonName_max = 64 |
71 |
commonName_default = $ENV::EASYRSA_REQ_CN |
88 |
commonName_default = $EASYRSA_REQ_CN |
72 |
|
89 |
|
73 |
# Easy-RSA DN for org support: |
90 |
# Easy-RSA DN for org support: |
74 |
[ org ] |
91 |
[ org ] |
75 |
countryName = Country Name (2 letter code) |
92 |
countryName = Country Name (2 letter code) |
76 |
countryName_default = $ENV::EASYRSA_REQ_COUNTRY |
93 |
countryName_default = $EASYRSA_REQ_COUNTRY |
77 |
countryName_min = 2 |
94 |
countryName_min = 2 |
78 |
countryName_max = 2 |
95 |
countryName_max = 2 |
79 |
|
96 |
|
80 |
stateOrProvinceName = State or Province Name (full name) |
97 |
stateOrProvinceName = State or Province Name (full name) |
81 |
stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE |
98 |
stateOrProvinceName_default = $EASYRSA_REQ_PROVINCE |
82 |
|
99 |
|
83 |
localityName = Locality Name (eg, city) |
100 |
localityName = Locality Name (eg, city) |
84 |
localityName_default = $ENV::EASYRSA_REQ_CITY |
101 |
localityName_default = $EASYRSA_REQ_CITY |
85 |
|
102 |
|
86 |
0.organizationName = Organization Name (eg, company) |
103 |
0.organizationName = Organization Name (eg, company) |
87 |
0.organizationName_default = $ENV::EASYRSA_REQ_ORG |
104 |
0.organizationName_default = $EASYRSA_REQ_ORG |
88 |
|
105 |
|
89 |
organizationalUnitName = Organizational Unit Name (eg, section) |
106 |
organizationalUnitName = Organizational Unit Name (eg, section) |
90 |
organizationalUnitName_default = $ENV::EASYRSA_REQ_OU |
107 |
organizationalUnitName_default = $EASYRSA_REQ_OU |
91 |
|
108 |
|
92 |
commonName = Common Name (eg: your user, host, or server name) |
109 |
commonName = Common Name (eg: your user, host, or server name) |
93 |
commonName_max = 64 |
110 |
commonName_max = 64 |
94 |
commonName_default = $ENV::EASYRSA_REQ_CN |
111 |
commonName_default = $EASYRSA_REQ_CN |
95 |
|
112 |
|
96 |
emailAddress = Email Address |
113 |
emailAddress = Email Address |
97 |
emailAddress_default = $ENV::EASYRSA_REQ_EMAIL |
114 |
emailAddress_default = $EASYRSA_REQ_EMAIL |
98 |
emailAddress_max = 64 |
115 |
emailAddress_max = 64 |
99 |
|
116 |
|
100 |
#################################################################### |
117 |
#################################################################### |
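Review bot: In the first hunk (Lines 1-6) the added line `EASYRSA_REQ_ORG="Copyleft Certificate Co""` ends with a doubled quote, so the second `"` opens a quoted string that is never closed and the resulting value is left to the OpenSSL config parser; it should read `EASYRSA_REQ_ORG="Copyleft Certificate Co"`. The same hunk hard-codes `EASYRSA_CERT_EXPIRE="3650"`, `EASYRSA_CRL_DAYS="180"` and `EASYRSA_KEY_SIZE="2048"` with no comment, which means a ten-year certificate lifetime and a CRL that relying parties may treat as current for 180 days after a revocation. I would add a line above them such as `# Example values only: review certificate lifetime, CRL validity and key size before using this for a real CA`. Since every later hunk replaces `$ENV::EASYRSA_*` with these file-level variables, values exported by the easyrsa wrapper presumably no longer reach this config, and the header comment should say that the file is self-contained and that `EASYRSA` points at a directory under `/root`.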