X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fopenssl-vms.cnf;h=c0ded4a5f18f73cbcb42ef8fafa52465a472d86b;hp=52ade566533039bc822b0010ce9c450dc8e48a44;hb=455b65dfab0de51c9f67b3c909311770f2b3f801;hpb=96afc1cfd53a0ffcca8544fa751eb9bf17749133 diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index 52ade56653..c0ded4a5f1 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -44,7 +44,7 @@ certs = $dir.certs] # Where the issued certs are kept crl_dir = $dir.crl] # Where the issued crl are kept database = $dir]index.txt # database index file. #unique_subject = no # Set to 'no' to allow creation of - # several ctificates with same subject. + # several certs with same subject. new_certs_dir = $dir.newcerts] # default place for new certs. certificate = $dir]cacert.pem # The CA certificate @@ -55,7 +55,7 @@ crl = $dir]crl.pem # The current CRL private_key = $dir.private]cakey.pem# The private key RANDFILE = $dir.private].rand # private random number file -x509_extensions = usr_cert # The extentions to add to the cert +x509_extensions = usr_cert # The extensions to add to the cert # Comment out the following two lines for the "traditional" # (and highly broken) format. @@ -103,11 +103,11 @@ emailAddress = optional #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes -x509_extensions = v3_ca # The extentions to add to the self signed cert +x509_extensions = v3_ca # The extensions to add to the self signed cert # Passwords for private keys if not present they will be prompted for # input_password = secret @@ -145,7 +145,7 @@ localityName = Locality Name (eg, city) organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = -commonName = Common Name (eg, YOUR name) +commonName = Common Name (e.g. server FQDN or YOUR name) commonName_max = 64 emailAddress = Email Address @@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always,issuer # This is what PKIX recommends but some broken software chokes on critical # extensions. @@ -264,7 +264,7 @@ basicConstraints = CA:true # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always [ proxy_cert_ext ] # These extensions should be added when creating a proxy certificate @@ -297,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address.