Newer
Older
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
# RFC 4985 defines this OID
SRVName = 1.3.6.1.5.5.7.8.7
[ req ]
default_bits = 4096
default_keyfile = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions
# ask about the DN?
prompt = no
[ distinguished_name ]
commonName = {tmpl_var name='domain'}
countryName = {tmpl_var name='ssl_country'}
localityName = {tmpl_var name='ssl_locality'}
organizationName = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress = {tmpl_var name='ssl_email'}
[ v3_extensions ]
# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
[ subject_alternative_name ]
# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
DNS.0 = {tmpl_var name='domain'}
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}