aboutsummaryrefslogtreecommitdiff
path: root/easy-rsa/2.0/openssl.cnf
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2006-04-13 10:20:43 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2006-04-13 10:20:43 +0000
commita8105c67473b78923a2cadae41e01ad3f4934b4e (patch)
treefb8146d9c3f304e6e3a1873418779b8937ab6fbd /easy-rsa/2.0/openssl.cnf
parentTemporarily backed out time backtrack handling code (diff)
downloadopenvpn-a8105c67473b78923a2cadae41e01ad3f4934b4e.tar.xz
Merged PKCS#11 extensions to easy-rsa/2.0 (Alon Bar-Lev).
svn merge -r 995:998 https://svn.openvpn.net/projects/openvpn/contrib/alon/easy-rsa git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1006 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'easy-rsa/2.0/openssl.cnf')
-rwxr-xr-xeasy-rsa/2.0/openssl.cnf26
1 files changed, 24 insertions, 2 deletions
diff --git a/easy-rsa/2.0/openssl.cnf b/easy-rsa/2.0/openssl.cnf
index b430b83..a781dda 100755
--- a/easy-rsa/2.0/openssl.cnf
+++ b/easy-rsa/2.0/openssl.cnf
@@ -9,10 +9,13 @@
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
+openssl_conf = openssl_init
+[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
+engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
@@ -179,11 +182,13 @@ basicConstraints=CA:FALSE
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
+nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
@@ -204,7 +209,7 @@ authorityKeyIdentifier=keyid,issuer:always
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
+nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
@@ -261,3 +266,20 @@ basicConstraints = CA:true
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
+