Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
# RFC 4985 defines this OID
SRVName = 1.3.6.1.5.5.7.8.7
[ req ]
default_bits = 4096
default_keyfile = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions
# ask about the DN?
prompt = no
[ distinguished_name ]
commonName = {tmpl_var name='domain'}
countryName = {tmpl_var name='ssl_country'}
localityName = {tmpl_var name='ssl_locality'}
organizationName = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress = {tmpl_var name='ssl_email'}
[ v3_extensions ]
# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
[ subject_alternative_name ]
# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
DNS.0 = {tmpl_var name='domain'}
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
DNS.1 = muc.{tmpl_var name='domain'}
otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}
DNS.2 = pubsub.{tmpl_var name='domain'}
otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}
DNS.3 = anon.{tmpl_var name='domain'}
otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}
DNS.4 = xmpp.{tmpl_var name='domain'}
otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
otherName.10= SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}
DNS.5 = proxy.{tmpl_var name='domain'}
otherName.11= xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
otherName.12= SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}
DNS.6 = vjud.{tmpl_var name='domain'}
otherName.13= xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
otherName.14= SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}