# OpenSSL request configuration template. The {tmpl_var name='...'}
# placeholders are expected to be substituted before OpenSSL reads the file.

# Global setting: name of the section that registers the extra OIDs.
oid_section = new_oids

[ new_oids ]

# otherName type carrying an XMPP address.
# Defined in RFC 3920 section 5.1.1 (RFC 3920 was later obsoleted by RFC 6120).
xmppAddr = 1.3.6.1.5.5.7.8.5

# otherName type carrying a DNS SRV service name, defined in RFC 4985.
SRVName = 1.3.6.1.5.5.7.8.7

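[ req ]

# RSA modulus size in bits for newly generated keys.
default_bits = 4096
# Pin the signing digest for the request / self-signed certificate rather than
# inheriting the build default; older OpenSSL releases defaulted to SHA-1.
default_md = sha256
# The key file name is built from the templated domain, so the substituted
# value must be a validated host name (no path separators, no line breaks).
# NOTE(review): encrypt_key is not set here, so whether the private key is
# written with a passphrase depends on how openssl is invoked. Confirm.
default_keyfile = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
# One extension section serves both certificate requests (req_extensions)
# and self-signed certificates (x509_extensions).
req_extensions = v3_extensions
x509_extensions = v3_extensions

# Non-interactive: the subject is taken as-is from [ distinguished_name ].
prompt = no
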
[ distinguished_name ]

# Subject fields, in the order they appear in the certificate subject.
# Because [ req ] sets prompt = no, each entry here is a value, not a prompt.
# Every value is template input written straight into this file: the caller
# has to reject line breaks and other control characters before rendering,
# otherwise a field could add configuration lines of its own.
commonName = {tmpl_var name='domain'}
# countryName is expected to be a two-letter country code.
countryName = {tmpl_var name='ssl_country'}
localityName = {tmpl_var name='ssl_locality'}
organizationName = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress = {tmpl_var name='ssl_email'}

[ v3_extensions ]

# Shared by certificate requests (req_extensions)
# and self-signed certificates (x509_extensions).

# End-entity certificate: it must not be usable to issue other certificates.
basicConstraints = CA:FALSE
# Key usages for a TLS endpoint; keyEncipherment only matters for RSA keys.
keyUsage = digitalSignature,keyEncipherment
# Both purposes are listed: the certificate is offered when accepting
# connections (serverAuth) and when connecting to peers (clientAuth).
extendedKeyUsage = serverAuth,clientAuth
# The names the certificate is valid for live in their own section.
subjectAltName = @subject_alternative_name

[ subject_alternative_name ]

# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
#
# Each host name is listed three ways: as a dNSName, as an xmppAddr otherName
# (UTF8String) and as an SRVName otherName (IA5String). The xmppAddr and
# SRVName types are the OIDs registered in [ new_oids ].
# IA5String is ASCII-only, so an internationalised domain presumably has to be
# substituted in its ASCII (A-label) form. Verify against the caller.
# The domain value is template input and must be validated as a host name
# before rendering; it is written into every entry below without escaping.

# Base domain: the only name that also carries the _xmpp-client service.
DNS.0 = {tmpl_var name='domain'}
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}

# muc subdomain
DNS.1 = muc.{tmpl_var name='domain'}
otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}

# pubsub subdomain
DNS.2 = pubsub.{tmpl_var name='domain'}
otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}

# anon subdomain
DNS.3 = anon.{tmpl_var name='domain'}
otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}

# xmpp subdomain
DNS.4 = xmpp.{tmpl_var name='domain'}
otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
otherName.10 = SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}

# proxy subdomain
DNS.5 = proxy.{tmpl_var name='domain'}
otherName.11 = xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
otherName.12 = SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}

# vjud subdomain
DNS.6 = vjud.{tmpl_var name='domain'}
otherName.13 = xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
otherName.14 = SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}