Created
February 3, 2016 21:34
Securing Websites With Nginx And Client-Side Certificate Authentication On Linux
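# Entry section consulted by the "openssl ca" command.
# (Stray "| |" table residue from the page rendering has been removed; left
# after the section header it is not valid configuration syntax.)
[ ca ]
default_ca = CA_default # Name of the section that holds the CA settings;
                        # it can be anything that makes sense to you.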
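# Settings for the CA selected by default_ca in the [ ca ] section.
# Every path below is derived from $dir, so the whole CA lives in one tree.
[ CA_default ]
dir = /etc/ssl/ca # Directory where everything is kept
certs = $dir/certs # Directory where the issued certs are kept
crl_dir = $dir/crl # Directory where the issued CRLs are kept
database = $dir/index.txt # Database index file
#unique_subject = no # Set to 'no' to allow creation of
                     # several certificates with the same subject.
new_certs_dir = $dir/certs # Default directory for new certs
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # The current CRL number;
                           # must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
# The CA private key signs every certificate this CA issues. Keep it and its
# directory readable only by the account that operates the CA (for example
# mode 0700 on $dir/private and 0600 on the key file).
private_key = $dir/private/ca.key # The private key
RANDFILE = $dir/private/.rand # Private random number file
# The usr_cert and policy_match sections named below are not part of this
# excerpt; they must be defined elsewhere in the same configuration file.
x509_extensions = usr_cert # The extensions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 365 # How long to certify for
# A CRL only revokes access if the verifying server actually loads it
# (for nginx client-certificate checks, see the ssl_crl directive) and if it
# is regenerated before this many days have passed.
default_crl_days = 30 # How long before next CRL
# Digest used when signing certificates and CRLs. The original value was sha1,
# for which practical collisions exist and which current TLS libraries and
# browsers no longer accept in certificate signatures; use SHA-256 instead.
default_md = sha256
preserve = no # Keep passed DN ordering
policy = policy_match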