aboutsummaryrefslogtreecommitdiffstats
path: root/certs/openssl.cnf
blob: 9e72abe4b688bd5e63c41d2e4f8671c3220628d4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
oid_section = new_oids

[ new_oids ]

# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5

# RFC 4985 defines this OID
SRVName  = 1.3.6.1.5.5.7.8.7

[ req ]

default_bits       = 4096
default_keyfile    = example.com.key
distinguished_name = distinguished_name
req_extensions     = v3_extensions
x509_extensions    = v3_extensions

# ask about the DN?
prompt = no

[ distinguished_name ]

commonName             = example.com
countryName            = UK
localityName           = The Internet
organizationName       = Your Organisation
organizationalUnitName = XMPP Department
emailAddress           = xmpp@example.com

[ v3_extensions ]

# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)

basicConstraints = CA:FALSE
keyUsage         = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName   = @subject_alternative_name

[ subject_alternative_name ]

# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.

DNS.0       =                                           example.com
otherName.0 =                             xmppAddr;UTF8:example.com
otherName.1 =            SRVName;IA5STRING:_xmpp-client.example.com
otherName.2 =            SRVName;IA5STRING:_xmpp-server.example.com

DNS.1       =                                conference.example.com
otherName.3 =                  xmppAddr;UTF8:conference.example.com
otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com