#
# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
+# See doc/man5/config.pod for more info.
#
+# This is mostly being used for generation of certificate requests,
+# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
# defined.
HOME = .
+ # Use this in order to automatically load providers.
+openssl_conf = openssl_init
+
# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
+# oid_file = $ENV::HOME/.oid
+oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
-
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
+# For FIPS
+# Optionally include a file that is generated by the OpenSSL fipsinstall
+# application. This file contains configuration data required by the OpenSSL
+# fips provider. It contains a named section e.g. [fips_sect] which is
+# referenced from the [provider_sect] below.
+# Refer to the OpenSSL security policy for more information.
+# .include fipsmodule.cnf
+
+[openssl_init]
+providers = provider_sect
+
+# List of providers to load
+[provider_sect]
+default = default_sect
+# The fips section name should match the section name inside the
+# included fipsmodule.cnf.
+# fips = fips_sect
+
+[default_sect]
+# activate = 1
+
+
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
#
# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
+# See doc/man5/config.pod for more info.
#
+# This is mostly being used for generation of certificate requests,
+# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
# defined.
HOME = .
+ # Use this in order to automatically load providers.
+openssl_conf = openssl_init
+
# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
+# oid_file = $ENV::HOME/.oid
+oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
-
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
+# For FIPS
+# Optionally include a file that is generated by the OpenSSL fipsinstall
+# application. This file contains configuration data required by the OpenSSL
+# fips provider. It contains a named section e.g. [fips_sect] which is
+# referenced from the [provider_sect] below.
+# Refer to the OpenSSL security policy for more information.
+# .include fipsmodule.cnf
+
+[openssl_init]
+providers = provider_sect
+
+# List of providers to load
+[provider_sect]
+default = default_sect
+# The fips section name should match the section name inside the
+# included fipsmodule.cnf.
+# fips = fips_sect
+
+[default_sect]
+# activate = 1
+
+
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
=head1 SEE ALSO
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
+L<openssl-fipsinstall(1)>,
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load_file(3)>,