| 194 |
- |
1 |
[req]
|
|
|
2 |
distinguished_name = req_distinguished_name
|
|
|
3 |
# The extensions to add to the self signed cert
|
|
|
4 |
x509_extensions = v3_ca
|
|
|
5 |
# Run non-interactively
|
|
|
6 |
prompt = no
|
|
|
7 |
|
|
|
8 |
[req_distinguished_name]
|
|
|
9 |
# Certificate subject
|
|
|
10 |
#countryName = US
|
|
|
11 |
#stateOrProvinceName = CA
|
|
|
12 |
#localityName = Sunnyvale
|
|
|
13 |
#organizationName = xrdp
|
|
|
14 |
#organizationalUnitName =
|
|
|
15 |
commonName = XRDP
|
|
|
16 |
#emailAddress =
|
|
|
17 |
|
|
|
18 |
[v3_ca]
|
|
|
19 |
# Extensions for a typical CA - PKIX recommendation.
|
|
|
20 |
subjectKeyIdentifier = hash
|
|
|
21 |
authorityKeyIdentifier = keyid:always, issuer
|
|
|
22 |
|
|
|
23 |
# This is what PKIX recommends but some broken software chokes on critical
|
|
|
24 |
# extensions.
|
|
|
25 |
#basicConstraints = critical, CA:true
|
|
|
26 |
# So we do this instead.
|
|
|
27 |
basicConstraints = CA:true
|
|
|
28 |
|
|
|
29 |
# Key usage: this is typical for a CA certificate. However since it will
|
|
|
30 |
# prevent it being used as an test self-signed certificate it is best
|
|
|
31 |
# left out by default.
|
|
|
32 |
#keyUsage = cRLSign, keyCertSign
|
|
|
33 |
|
|
|
34 |
# Some might want this also
|
|
|
35 |
#nsCertType = sslCA, emailCA
|
|
|
36 |
|
|
|
37 |
# Include email address in subject alt name: another PKIX recommendation
|
|
|
38 |
#subjectAltName = email:copy
|
|
|
39 |
# Copy issuer details
|
|
|
40 |
#issuerAltName = issuer:copy
|
|
|
41 |
|
|
|
42 |
# DER hex encoding of an extension: experts only!
|
|
|
43 |
#obj = DER:02:03
|
|
|
44 |
# Where 'obj' is a standard or added object
|
|
|
45 |
# You can even override a supported extension:
|
|
|
46 |
#basicConstraints = critical, DER:30:03:01:01:FF
|