Created
April 1, 2013 17:12
-
-
Save arusso/5286250 to your computer and use it in GitHub Desktop.
Host CNF file for certificate request generation. Includes support for SAN certs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ req ] | |
| default_bits = 2048 | |
| default_md = sha1 | |
| distinguished_name = req_distinguished_name | |
| prompt = no | |
| <% if @alt_names_real.count > 1 -%> | |
| x509_extensions = v3_ca # The extentions to add to the self signed cert | |
| req_extensions = v3_req # The extensions to add to a certificate request | |
| <% end -%> | |
| [ req_distinguished_name ] | |
| C=<%= @country %> | |
| ST=<%= @state %> | |
| L=<%= @city %> | |
| O=<%= @org %> | |
| OU=<%= @org_unit %> | |
| CN=<%= @cn %> | |
| [ v3_req ] | |
| basicConstraints = CA:FALSE | |
| keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
| subjectAltName = @alt_names | |
| [ v3_ca ] | |
| subjectKeyIdentifier=hash | |
| authorityKeyIdentifier=keyid:always,issuer:always | |
| basicConstraints = CA:true | |
| subjectAltName = @alt_names | |
| [ alt_names ] | |
| <% idx=0 -%> | |
| <% @alt_names_real.each do |alt| -%> | |
| DNS.<%= idx %> = <%= alt %> | |
| <% idx+=1 -%> | |
| <% end -%> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
country is 2 character country code
state is full state name
city is the full city name
org is the full org name
ou is the department/division name. probably optional
cn is the primary fqdn of the host
alt_names_real is an array of alternate names.
ie.
@Country = 'US'
@State = 'NY'
@city = 'New York'
@org = 'Example dot Shh dot Com'
@ou = 'Infrastructure Destruction Team'
@cn = 'foo.shh.example.com'
@alt_names_real = [ 'foo.example.shh.com', 'bar.example.shh.com' ]