1 # The main section is named req because the command we are using is req
4 ## This specifies the default key size in bits. If not specified then 512 is
5 ## used. It is used if the -new option is used. It can be overridden by using
9 ## This is the default filename to write a private key to. If not specified the
10 ## key is written to standard output. This can be overridden by the -keyout
12 #default_keyfile = oats.key
14 ## If this is set to no then if a private key is generated it is not encrypted.
15 ## This is equivalent to the -nodes command line option. For compatibility
16 ## encrypt_rsa_key is an equivalent option.
19 # This option specifies the digest algorithm to use. Possible values include
20 # md5 sha1 mdc2. If not present then MD5 is used. This option can be overridden
21 # on the command line.
24 # if set to the value no this disables prompting of certificate fields and just
25 # takes values from the config file directly. It also changes the expected
26 # format of the distinguished_name and attributes sections.
29 # if set to the value yes then field values to be interpreted as UTF8 strings,
30 # by default they are interpreted as ASCII. This means that the field values,
31 # whether prompted from a terminal or obtained from a configuration file, must
32 # be valid UTF8 strings.
35 # This specifies the section containing the distinguished name fields to
36 # prompt for when generating a certificate or certificate request.
37 distinguished_name = my_req_distinguished_name
39 # this specifies the configuration file section containing a list of extensions
40 # to add to the certificate request. It can be overridden by the -reqexts
41 # command line switch. See the x509v3_config(5) manual page for details of the
42 # extension section format.
43 req_extensions = my_extensions
45 [ my_req_distinguished_name ]
54 basicConstraints=CA:FALSE
55 subjectAltName=@my_subject_alt_names
56 subjectKeyIdentifier = hash
58 [ my_subject_alt_names ]
66 DNS.2 = localhost.localdomain