prosody
a2ba3f06dcf4
certs/openssl.cnf

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

certs/openssl.cnf @ 13254:a2ba3f06dcf4 0.12 0.12.4

util.prosodyctl.check: Correct modern replacement for 'disallow_s2s' The code would have suggested adding to modules_enabled instead of modules_disabled
author Kim Alvefur <zash@zash.se>
date Sun, 27 Aug 2023 15:46:19 +0200
parent 6922:e0672860d208
child 12604:bd9e006a7a74
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 oid_section = new_oids
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 [ new_oids ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
5350
fba042a2c228 certs/openssl.cnf: Update XMPP-Core references to reflect RFC publication
Kim Alvefur <zash@zash.se>
parents: 4098
diff changeset
5 # RFC 6120 section 13.7.1.4. defines this OID
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 xmppAddr = 1.3.6.1.5.5.7.8.5
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 # RFC 4985 defines this OID
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 SRVName = 1.3.6.1.5.5.7.8.7
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 [ req ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 default_bits = 4096
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 default_keyfile = example.com.key
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 distinguished_name = distinguished_name
6922
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
16 req_extensions = certrequest
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
17 x509_extensions = selfsigned
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 # ask about the DN?
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 prompt = no
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 [ distinguished_name ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 commonName = example.com
3704
320738c67100 certs/openssl.cnf: Change countryName from UK to GB
Matthew Wild <mwild1@gmail.com>
parents: 3701
diff changeset
25 countryName = GB
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 localityName = The Internet
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 organizationName = Your Organisation
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 organizationalUnitName = XMPP Department
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 emailAddress = xmpp@example.com
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
6922
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
31 [ certrequest ]
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 # for certificate requests (req_extensions)
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 basicConstraints = CA:FALSE
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 keyUsage = digitalSignature,keyEncipherment
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 extendedKeyUsage = serverAuth,clientAuth
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 subjectAltName = @subject_alternative_name
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39
6922
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
40 [ selfsigned ]
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
41
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
42 # and self-signed certificates (x509_extensions)
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
43
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
44 basicConstraints = CA:TRUE
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
45 subjectAltName = @subject_alternative_name
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
46
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 [ subject_alternative_name ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48
5350
fba042a2c228 certs/openssl.cnf: Update XMPP-Core references to reflect RFC publication
Kim Alvefur <zash@zash.se>
parents: 4098
diff changeset
49 # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 DNS.0 = example.com
4098
7d687c348295 certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents: 3704
diff changeset
52 otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 DNS.1 = conference.example.com
4098
7d687c348295 certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents: 3704
diff changeset
57 otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com