[ new_oids ]
-# RFC 3920 section 5.1.1 defines this OID
+# RFC 6120 section 13.7.1.4. defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
# RFC 4985 defines this OID
default_bits = 4096
default_keyfile = example.com.key
distinguished_name = distinguished_name
-req_extensions = v3_extensions
-x509_extensions = v3_extensions
+req_extensions = certrequest
+x509_extensions = selfsigned
# ask about the DN?
prompt = no
[ distinguished_name ]
commonName = example.com
-countryName = UK
+countryName = GB
localityName = The Internet
organizationName = Your Organisation
organizationalUnitName = XMPP Department
emailAddress = xmpp@example.com
-[ v3_extensions ]
+[ certrequest ]
# for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
[ subject_alternative_name ]
-# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
+# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.
DNS.0 = example.com
-otherName.0 = xmppAddr;UTF8:example.com
+otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com
otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com
otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com
DNS.1 = conference.example.com
-otherName.3 = xmppAddr;UTF8:conference.example.com
+otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com