1 # X.509 Certificate options
5 # The organization of the subject.
6 organization = "Koko inc."
8 # The organizational unit of the subject.
9 unit = "sleeping dept."
11 # The locality of the subject.
14 # The state of the certificate owner.
17 # The country of the subject. Two letter code.
20 # The common name of the certificate owner.
23 # A user id of the certificate owner.
26 # If the supported DN OIDs are not adequate you can set
28 # For example set the X.520 Title and the X.520 Pseudonym
29 # by using OID and string pairs.
31 dn_oid = 2.5.4.65 jackal
33 # This is deprecated and should not be used in new
35 pkcs9_email = "none@none.org"
37 # The serial number of the certificate
40 expiration_date = 2055-05-24 14:29:12
41 activation_date = 2051-01-12 11:36:11
45 # A dnsname in case of a WWW server.
46 dns_name = "www.none.org"
47 dns_name = "www.morethanone.org"
49 # An IP address in case of a server.
50 ip_address = "192.168.1.1"
52 dns_name = "www.evenmorethanone.org"
54 # An email in case of a person
55 email = "none@none.org"
57 # An URL that has CRLs (certificate revocation lists)
58 # available. Needed in CA certificates.
59 crl_dist_points = "http://www.getcrl.crl/getcrl/"
61 email = "where@none.org"
63 # Whether this is a CA certificate or not
66 # Whether this certificate will be used for a TLS client
69 # Whether this certificate will be used for a TLS server
72 # Whether this certificate will be used to sign data (needed
73 # in TLS DHE ciphersuites).
76 # Whether this certificate will be used to encrypt data (needed
77 # in TLS RSA ciphersuites). Note that it is preferred to use different
78 # keys for encryption and signing.
81 # Whether this key will be used to sign other certificates.
84 # Whether this key will be used to sign CRLs.
87 # Whether this key will be used to sign code.
90 # Whether this key will be used to sign OCSP data.
93 # Whether this key will be used for time stamping.
96 # Whether this key will be used for IPsec IKE operations.