certs/openssl.cnf

   1 oid_section = new_oids
   2
   3 [ new_oids ]
   4
   5 # RFC 6120 section 13.7.1.4. defines this OID
   6 xmppAddr = 1.3.6.1.5.5.7.8.5
   7
   8 # RFC 4985 defines this OID
   9 SRVName  = 1.3.6.1.5.5.7.8.7
  10
  11 [ req ]
  12
  13 default_bits       = 4096
  14 default_keyfile    = example.com.key
  15 distinguished_name = distinguished_name
  16 req_extensions     = certrequest
  17 x509_extensions    = selfsigned
  18
  19 # ask about the DN?
  20 prompt = no
  21
  22 [ distinguished_name ]
  23
  24 commonName             = example.com
  25 countryName            = GB
  26 localityName           = The Internet
  27 organizationName       = Your Organisation
  28 organizationalUnitName = XMPP Department
  29 emailAddress           = xmpp@example.com
  30
  31 [ certrequest ]
  32
  33 # for certificate requests (req_extensions)
  34
  35 basicConstraints = CA:FALSE
  36 keyUsage         = digitalSignature,keyEncipherment
  37 extendedKeyUsage = serverAuth,clientAuth
  38 subjectAltName   = @subject_alternative_name
  39
  40 [ selfsigned ]
  41
  42 # and self-signed certificates (x509_extensions)
  43
  44 basicConstraints = CA:TRUE
  45 subjectAltName = @subject_alternative_name
  46
  47 [ subject_alternative_name ]
  48
  49 # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.
  50
  51 DNS.0       =                                           example.com
  52 otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:example.com
  53 otherName.1 =            SRVName;IA5STRING:_xmpp-client.example.com
  54 otherName.2 =            SRVName;IA5STRING:_xmpp-server.example.com
  55
  56 DNS.1       =                                conference.example.com
  57 otherName.3 =      xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
  58 otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com