1 # X.509 Certificate options
5 # The organization of the subject.
6 organization = "Koko inc."
8 # The organizational unit of the subject.
9 unit = "sleeping dept."
11 # The locality of the subject.
14 # The state of the certificate owner.
17 # The country of the subject. Two letter code.
20 # The common name of the certificate owner.
23 # A user id of the certificate owner.
26 # If the supported DN OIDs are not adequate you can set
28 # For example set the X.520 Title and the X.520 Pseudonym
29 # by using OID and string pairs.
31 dn_oid = 2.5.4.65 jackal
33 # This is deprecated and should not be used in new
35 pkcs9_email = "none@none.org"
37 # The serial number of the certificate
40 # In how many days, counting from today, this certificate will expire.
41 expiration_days = 2590
45 # A dnsname in case of a WWW server.
46 dns_name = "www.none.org"
47 dns_name = "www.morethanone.org"
49 # An IP address in case of a server.
50 ip_address = "192.168.1.1"
52 dns_name = "www.evenmorethanone.org"
54 # An email in case of a person
55 email = "none@none.org"
57 # An URL that has CRLs (certificate revocation lists)
58 # available. Needed in CA certificates.
59 crl_dist_points = "http://www.getcrl.crl/getcrl1/"
60 crl_dist_points = "http://www.getcrl.crl/getcrl2/"
61 crl_dist_points = "http://www.getcrl.crl/getcrl3/"
63 email = "where@none.org"
65 # Whether this is a CA certificate or not
68 # Whether this certificate will be used for a TLS client
71 # Whether this certificate will be used for a TLS server
74 # Whether this certificate will be used to sign data (needed
75 # in TLS DHE ciphersuites).
78 # Whether this certificate will be used to encrypt data (needed
79 # in TLS RSA ciphersuites). Note that it is preferred to use different
80 # keys for encryption and signing.
83 # Whether this key will be used to sign other certificates.
86 # Whether this key will be used to sign CRLs.
89 # Whether this key will be used to sign code.
92 # Whether this key will be used to sign OCSP data.
95 # Whether this key will be used for time stamping.
98 # Whether this key will be used for IPsec IKE operations.