Demo of use of errors in applications.

[openssl.git] / apps / openssl.cnf

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index a620b98cf78a18ca1c5a0220768726c6497890d6..ccc21a290b5d45f92ff9f028772559504983c85b 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -55,7 +55,7 @@ crl           = $dir/crl.pem          # The current CRL
 private_key    = $dir/private/cakey.pem# The private key
 RANDFILE       = $dir/private/.rand    # private random number file
 
-x509_extensions        = usr_cert              # The extentions to add to the cert
+x509_extensions        = usr_cert              # The extensions to add to the cert
 
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@@ -72,7 +72,7 @@ cert_opt      = ca_default            # Certificate field options
 
 default_days   = 365                   # how long to certify for
 default_crl_days= 30                   # how long before next CRL
-default_md     = sha1                  # which md to use.
+default_md     = default               # use public key default MD
 preserve       = no                    # keep passed DN ordering
 
 # A few difference way of specifying how similar the request should look
@@ -107,7 +107,7 @@ default_bits                = 1024
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
-x509_extensions        = v3_ca # The extentions to add to the self signed cert
+x509_extensions        = v3_ca # The extensions to add to the self signed cert
 
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
@@ -145,7 +145,7 @@ localityName                        = Locality Name (eg, city)
 organizationalUnitName         = Organizational Unit Name (eg, section)
 #organizationalUnitName_default        =
 
-commonName                     = Common Name (eg, YOUR name)
+commonName                     = Common Name (e.g. server FQDN or YOUR name)
 commonName_max                 = 64
 
 emailAddress                   = Email Address
@@ -212,7 +212,7 @@ authorityKeyIdentifier=keyid,issuer
 #nsSslServerName
 
 # This is required for TSA certificates.
-extendedKeyUsage = critical,timeStamping
+# extendedKeyUsage = critical,timeStamping
 
 [ v3_req ]
 
@@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 subjectKeyIdentifier=hash
 
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always,issuer
 
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
@@ -264,7 +264,7 @@ basicConstraints = CA:true
 # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
 
 # issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always
 
 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
@@ -297,7 +297,7 @@ nsComment                   = "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.