home *** CD-ROM | disk | FTP | other *** search
/ chilidog.highland.cc.ks.us / chilidog.highland.cc.ks.us.zip / chilidog.highland.cc.ks.us / backup / bradford.20110725.etc.tar.gz / bradford.20110725.etc.tar / etc / postfix / openssl_postfix.conf.in < prev    next >
Text File  |  2006-05-02  |  2KB  |  92 lines
  1. [ ca ]
  2. default_ca      = CA_default
  3.  
  4. [ CA_default ]
  5.  
  6. dir             = /etc/postfix/ssl
  7. certs           = $dir/certs
  8. crl_dir         = $dir/crl
  9. database        = $dir/index.txt
  10. new_certs_dir   = $dir/newcerts
  11.  
  12. certificate     = $dir/cacert.pem
  13. serial          = $dir/serial
  14. crl             = $dir/crl.pem
  15. private_key     = $dir/private/cakey.pem
  16. RANDFILE        = $dir/private/.rand
  17.  
  18. x509_extensions = usr_cert
  19.  
  20. default_days    = 2000
  21. default_md      = md5
  22. policy          = policy_anything
  23.  
  24. [ policy_anything ]
  25. countryName=optional
  26. stateOrProvinceName=optional
  27. localityName=optional
  28. organizationName=optional
  29. organizationalUnitName=optional
  30. commonName=optional
  31. emailAddress=optional
  32.  
  33. [ req ]
  34. default_bits           = 1024
  35. default_keyfile        = privkey.pem
  36. distinguished_name     = req_distinguished_name
  37. attributes             = req_attributes
  38. x509_extensions        = v3_ca
  39. prompt                 = no
  40. output_password        = mypass
  41.  
  42. [ req_distinguished_name ]
  43. countryName            = @POSTFIX_SSL_COUNTRY@
  44. stateOrProvinceName    = @POSTFIX_SSL_STATE@
  45. localityName           = @POSTFIX_SSL_LOCALITY@
  46. organizationName       = @POSTFIX_SSL_ORGANIZATION@
  47. organizationalUnitName = @POSTFIX_SSL_ORGANIZATIONAL_UNIT@
  48. commonName             = @POSTFIX_SSL_COMMON_NAME@
  49. emailAddress           = @POSTFIX_SSL_EMAIL_ADDRESS@
  50.  
  51. [ req_attributes ]
  52. challengePassword              = @RANDOM@ challenge password
  53.  
  54. [ server_cert ]
  55.  
  56. basicConstraints=CA:FALSE
  57. nsCertType = server
  58. nsComment = @COMMENT@
  59. subjectKeyIdentifier=hash
  60. authorityKeyIdentifier=keyid,issuer:always
  61. subjectAltName=email:copy
  62. issuerAltName=issuer:copy
  63.  
  64.  
  65. [ client_cert ]
  66.  
  67. basicConstraints=CA:FALSE
  68. nsCertType = client, email
  69. nsComment = @COMMENT@
  70. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  71. subjectKeyIdentifier=hash
  72. authorityKeyIdentifier=keyid,issuer:always
  73. subjectAltName=email:copy
  74. issuerAltName=issuer:copy
  75.  
  76. [ v3_ca ]
  77.  
  78. subjectKeyIdentifier=hash
  79. authorityKeyIdentifier=keyid:always,issuer:always
  80. basicConstraints = CA:true
  81. keyUsage = cRLSign, keyCertSign
  82. nsCertType = sslCA, emailCA
  83. subjectAltName=email:copy
  84. issuerAltName=issuer:copy
  85.  
  86. [ usr_cert ]
  87.  
  88. basicConstraints=CA:FALSE
  89. nsComment           = @COMMENT@
  90. subjectKeyIdentifier=hash
  91. authorityKeyIdentifier=keyid,issuer:always
  92.