Blame | Last modification | View Log | RSS feed
[req]distinguished_name = req_distinguished_name# The extensions to add to the self signed certx509_extensions = v3_ca# Run non-interactivelyprompt = no[req_distinguished_name]# Certificate subject#countryName = US#stateOrProvinceName = CA#localityName = Sunnyvale#organizationName = xrdp#organizationalUnitName =commonName = XRDP#emailAddress =[v3_ca]# Extensions for a typical CA - PKIX recommendation.subjectKeyIdentifier = hashauthorityKeyIdentifier = keyid:always, issuer# This is what PKIX recommends but some broken software chokes on critical# extensions.#basicConstraints = critical, CA:true# So we do this instead.basicConstraints = CA:true# Key usage: this is typical for a CA certificate. However since it will# prevent it being used as an test self-signed certificate it is best# left out by default.#keyUsage = cRLSign, keyCertSign# Some might want this also#nsCertType = sslCA, emailCA# Include email address in subject alt name: another PKIX recommendation#subjectAltName = email:copy# Copy issuer details#issuerAltName = issuer:copy# DER hex encoding of an extension: experts only!#obj = DER:02:03# Where 'obj' is a standard or added object# You can even override a supported extension:#basicConstraints = critical, DER:30:03:01:01:FF