forked from davewasmer/devcert
/
domain-certificates.conf
38 lines (34 loc) · 1.15 KB
/
domain-certificates.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
[ ca ]
default_ca = devcert_ca
[ devcert_ca ]
# Serial file that counts up unique IDs for each cert issued
serial = <%= serialFile.replace(/\\/g, '\\\\') %>
# Database file that tracks all issued certs
database = <%= databaseFile.replace(/\\/g, '\\\\') %>
# Where to put the new cert
new_certs_dir = <%= domainDir.replace(/\\/g, '\\\\') %>
# Which algorithm to use
default_md = sha256
# Don't prompt the TTY for input, just use the config file values
prompt = no
# Interpret strings as utf8, not ASCII
utf8 = yes
# This specifies the configuration file section containing a list of extensions
# to add to the certificate request.
req_extensions = req_extensions
x509_extensions = domain_certificate_extensions
# How long is the domain cert good for
default_days = 7000
# What do CSRs need to supply?
policy = loose_policy
[ loose_policy ]
commonName = supplied
[ domain_certificate_extensions ]
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @subject_alt_names
[ subject_alt_names ]
<%= subjectAltNames %>