More X509 V3 stuff. Add support for extensions in the 'req' application

[openssl.git] / apps / openssl.cnf

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 2621d90d31b70e4b229670a5eb3e14406bf66fcf..fbc328fad41ef9c218788fd9198442d4776b20ad 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -1,5 +1,5 @@
 #
-# SSLeay example configuration file.
+# OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.
 #
 
@@ -63,6 +63,7 @@ default_bits          = 1024
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the cert
 
 [ req_distinguished_name ]
 countryName                    = Country Name (2 letter code)
@@ -80,7 +81,7 @@ localityName                  = Locality Name (eg, city)
 
 # we can do this but it is not needed normally :-)
 #1.organizationName            = Second Organization Name (eg, company)
-#1.organizationName_default    = CryptSoft Pty Ltd
+#1.organizationName_default    = World Wide Web Pty Ltd
 
 organizationalUnitName         = Organizational Unit Name (eg, section)
 #organizationalUnitName_default        =
@@ -102,7 +103,7 @@ unstructuredName            = An optional company name
 
 [ x509v3_extensions ]
 
-nsCaRevocationUrl              = http://www.cryptsoft.com/ca-crl.pem
+nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
 nsComment                      = "This is a comment"
 
 # under ASN.1, the 0 bit would be encoded as 80
@@ -117,3 +118,11 @@ nsCertType                 = 0x40
 #nsCertExt
 #nsDataType
 
+[ v3_ca]
+
+# Extensions for a typical CA
+
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign
+
+