A service of Daily Data, Inc.

software:openssl:createconfig

Differences

This shows you the differences between two versions of the page.

software:openssl:createconfig [2025/10/22 01:36] – created rodolico
software:openssl:createconfig [2025/10/23 18:40] (current) rodolico
Line 3: Line 3:
 While not actually required, it cuts down on the number of things you have to type. Creating this file allows you to use the -config parameter on many commands, with values drawn from here. While not actually required, it cuts down on the number of things you have to type. Creating this file allows you to use the -config parameter on many commands, with values drawn from here.
  
-For example, everything in the **[ req_distinguished_name ]** is asked for every time you create a certificate, whether it be a CA or a Certificate Signing Request (csr). By entering it once in the config file, you never have to type it again (see //prompt = no// in config). Everything can be overridden by the command line.+For example, everything in the **[ req_distinguished_name ]** is asked for every time you create a certificate, whether it be a CA or a Certificate Signing Request (csr), but must be different for each certificate created. By entering it once in the config file, you never have to type it again (see //prompt = no// in config). We will modify the CN to always be the name of the server to receive this, but we can leave everything else alons. Everything can be overridden by the command line.
  
 This file is designed to be used several places, from creating the initial CA to creating a CSR, to creating the final Server Cert, so it is more complex than it needs to be. This file is designed to be used several places, from creating the initial CA to creating a CSR, to creating the final Server Cert, so it is more complex than it needs to be.
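Review bot: the added clause "but must be different for each certificate created" in the [ req_distinguished_name ] paragraph contradicts the sentence that follows it ("you never have to type it again") and the newly added sentence saying only the CN changes. Suggest scoping the clause to the CN, for example "only the CN must differ per certificate", and fixing the typo "alons" to "alone". Because //prompt = no// means nothing will ask for the CN, the paragraph should also say where the per-server CN gets set (editing the file or overriding on the command line).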
Line 21: Line 21:
 distinguished_name  = req_distinguished_name distinguished_name  = req_distinguished_name
 prompt              = no prompt              = no
-#string_mask         = utf8 
 req_extensions      = req_ext          # Extensions to add to certificate requests req_extensions      = req_ext          # Extensions to add to certificate requests
  
Line 31: Line 30:
 O  = Example Corp O  = Example Corp
 OU = Office OU = Office
 +# CN should be different for all certs
 CN = example.org CN = example.org
 emailAddress = admin@example.org emailAddress = admin@example.org
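Review bot: the new comment above "CN = example.org" says the value should differ but not how, and with "prompt = no" earlier in this file a forgotten change silently produces a request for example.org. Suggest the comment name the mechanism the page intends (editing this line, or overriding the subject with -subj on the openssl req command line). If the req_ext section referenced by req_extensions lists subjectAltName entries, the comment should say they change together with the CN, since current TLS clients match the hostname against subjectAltName rather than CN.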
Line 48: Line 48:
 default_ca = CA_default default_ca = CA_default
  
 +# This is used when we create a CA
 [ CA_default ] [ CA_default ]
-keyUsage = critical, digitalSignature, keyEncipherment+keyUsage = critical, digitalSignature, keyEncipherment, cRLSign, keyCertSign 
 +extendedKeyUsage = serverAuth, clientAuth
 basicConstraints = CA:TRUE basicConstraints = CA:TRUE
  
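Review bot: the changed keyUsage line and the new extendedKeyUsage line under [ CA_default ] mix CA and end-entity permissions on one certificate. keyCertSign and cRLSign are what a CA certificate needs; digitalSignature, keyEncipherment and "extendedKeyUsage = serverAuth, clientAuth" describe a server or client certificate, and putting them on the CA widens what the CA key is allowed to do (some validators also read an extendedKeyUsage on a CA certificate as a limit on everything issued under it). Suggest "keyUsage = critical, keyCertSign, cRLSign" here and moving the other usages to the section used for server certificates. Two further points on the same lines: "basicConstraints = CA:TRUE" is not marked critical, and RFC 5280 expects it to be critical on a CA certificate, so consider "basicConstraints = critical, CA:TRUE", with a pathlen if this CA will only sign leaf certificates. Also, these are extension settings sitting directly in the section that default_ca points to, so it is worth confirming that the command used to create the CA actually reads [ CA_default ] as its extension section; otherwise none of these lines take effect.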
software/openssl/createconfig.txt · Last modified: 2025/10/23 18:40 by rodolico