Linux OpenSSL sample configuration files

Updated 2011-09-11

Links: OpenSSL.

These files allow setting a private, informal X509 CA and/or to request the creation and issue X509 certificates. These files contain an illustration of somewhat unusual but often very useful features of X509 certificates, for example having multiple Common Names and multiple domain names and wildcard domain names, and multiple email addresses.

Please note that because of some limitations in the OpenSSL configuration files, all of the final files are generated by preprocessing the corresponding .ini files listed here, as specified in the Makefile, and the definitions common to all configuration files are contained in the default.ini.

All files contain extensive comments, and in particular default.ini contains a suitable list of references. Please read all these references carefully and several times. Unfortunately CA operation and certificate generation, even for a private, informal CA, involves difficult concepts and complicated details, especially with OpenSSL, and it is not something to be attempted without an in depth understanding of the general issues and of the peculiarities related to OpenSSL.

You probably will need to customize all all the files in this directory to adapt them to your case. As they are here, they are set up for a private CA called Example Ltd. and for this to accept a request and grant a certificate for the domain example.com.

If you need a simpler approach to generate simple certificates, the GNU TLS library comes with the certtool utility.

Previous versions:

Icon  Name                             Last modified      Size  Description
[DIR] Parent Directory - [TXT] Makefile 05-Dec-2011 23:47 2.5K [TXT] com.example.SSL_CertRequest.ini 05-Dec-2011 23:47 2.9K [TXT] com.example.SSL_Certificate.ini 05-Dec-2011 23:47 1.6K [TXT] com.example_CACertificate.ini 05-Dec-2011 23:47 2.7K [TXT] default.ini 05-Dec-2011 23:47 15K