@markizano
Created August 5, 2025 15:19
OpenSSL Configuration with SAN and V3 Extensions (minimalist configuration)
HOME = .
openssl_conf = openssl_init
config_diagnostics = 1
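[openssl_init]
# Point at the provider list; without this key [provider_sect] is never read.
providers = provider_sect
[provider_sect]
default = default_sect
[default_sect]
activate = 1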
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = TX
localityName = Locality Name (eg, city)
localityName_default = Dallas
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Markizano.NET, LLC
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = admin@markizano.net
[ usr_cert ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical,CA:TRUE
keyUsage = cRLSign, keyCertSign, digitalSignature
[ crl_ext ]
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always