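# OpenSSL request configuration template for an XMPP server certificate.
# The {tmpl_var name='...'} placeholders are filled in by the templating
# layer before OpenSSL reads the file.
# NOTE(review): the placeholders appear to be substituted verbatim - confirm
# that the caller rejects values containing newlines, '#' or '[' so a field
# value cannot add or override directives in this file.

oid_section = new_oids

[ new_oids ]
# Short names for the two otherName types used in subjectAltName below.

# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5

# RFC 4985 defines this OID
SRVName = 1.3.6.1.5.5.7.8.7

[ req ]
default_bits = 4096
# Pin the signature digest instead of inheriting the OpenSSL default:
# older OpenSSL releases fall back to a weaker digest when this is unset.
default_md = sha256
# NOTE(review): whether this private key is written encrypted depends on the
# command line or an encrypt_key setting, neither of which is visible here;
# the key file should be readable only by the XMPP service account.
default_keyfile = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions

# ask about the DN?
# "no" makes OpenSSL take the DN values below as-is, without prompting.
prompt = no

[ distinguished_name ]
commonName = {tmpl_var name='domain'}
countryName = {tmpl_var name='ssl_country'}
localityName = {tmpl_var name='ssl_locality'}
organizationName = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress = {tmpl_var name='ssl_email'}

[ v3_extensions ]
# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)

# Leaf certificate only: it must not be usable to sign other certificates.
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
# clientAuth is requested alongside serverAuth, so the same certificate can
# be presented on outbound connections as well as inbound ones.
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name

[ subject_alternative_name ]
# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
# (That draft was later published as RFC 6120.)

# The domain is listed as a dNSName, as an XMPP address, and as SRV names
# for the client-to-server and server-to-server services.
DNS.0 = {tmpl_var name='domain'}
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}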