subjectAltName = @alt_section
[alt_section]
- email = steve@here
- email = steve@there
+ email = steve@example.com
+ email = steve@example.org
will only recognize the last value. To specify multiple values append a
numeric identifier, as shown here:
subjectAltName = @alt_section
[alt_section]
- email.1 = steve@here
- email.2 = steve@there
+ email.1 = steve@example.com
+ email.2 = steve@example.org
The syntax of raw extensions is defined by the source code that parses
the extension but should be documened.
Examples:
- subjectAltName = email:copy, email:my@other.address, URI:http://my.url.here/
+ subjectAltName = email:copy, email:my@example.com, URI:http://my.example.com/
subjectAltName = IP:192.168.7.1
subjectAltName = IP:13::17
- subjectAltName = email:my@other.address, RID:1.2.3.4
+ subjectAltName = email:my@example.com, RID:1.2.3.4
subjectAltName = otherName:1.2.3.4;UTF8:some other identifier
Examples:
- authorityInfoAccess = OCSP;URI:http://ocsp.my.host/,caIssuers;URI:http://my.ca/ca.cer
+ authorityInfoAccess = OCSP;URI:http://ocsp.example.com/,caIssuers;URI:http://myca.example.com/ca.cer
- authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+ authorityInfoAccess = OCSP;URI:http://ocsp.example.com/
=head2 CRL distribution points
Simple examples:
- crlDistributionPoints = URI:http://myhost.com/myca.crl
+ crlDistributionPoints = URI:http://example.com/myca.crl
- crlDistributionPoints = URI:http://my.com/my.crl, URI:http://oth.com/my.crl
+ crlDistributionPoints = URI:http://example.com/myca.crl, URI:http://example.org/my.crl
Full distribution point example:
crlDistributionPoints = crldp1_section
[crldp1_section]
- fullname = URI:http://myhost.com/myca.crl
+ fullname = URI:http://example.com/myca.crl
CRLissuer = dirName:issuer_sect
reasons = keyCompromise, CACompromise
issuingDistributionPoint = critical, @idp_section
[idp_section]
- fullname = URI:http://myhost.com/myca.crl
+ fullname = URI:http://example.com/myca.crl
indirectCRL = TRUE
onlysomereasons = keyCompromise, CACompromise
[polsect]
policyIdentifier = 1.3.5.8
- CPS.1 = "http://my.host.name/"
- CPS.2 = "http://my.your.name/"
+ CPS.1 = "http://my.host.example.com/"
+ CPS.2 = "http://my.your.example.com/"
userNotice.1 = @notice
[notice]
nameConstraints = permitted;IP:192.168.0.0/255.255.0.0
- nameConstraints = permitted;email:.somedomain.com
+ nameConstraints = permitted;email:.example.com
nameConstraints = excluded;email:.com