new pki

2025-10-24 16:17:08 +02:00
parent 57d2950980
commit 4c38c6c10e
34 changed files with 1202 additions and 0 deletions
--- a/etc/client.conf
+++ b/etc/client.conf
@@ -0,0 +1,29 @@
+# TLS client certificate request
+
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Protect private key
+default_md              = sha256                # MD to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = yes                   # Prompt for DN
+distinguished_name      = client_dn             # DN template
+req_extensions          = client_reqext         # Desired extensions
+
+[ client_dn ]
+countryName             = "1. Country Name (2 letters) (eg, US)       "
+countryName_max         = 2
+stateOrProvinceName     = "2. State or Province Name   (eg, region)   "
+localityName            = "3. Locality Name            (eg, city)     "
+organizationName        = "4. Organization Name        (eg, company)  "
+organizationalUnitName  = "5. Organizational Unit Name (eg, section)  "
+commonName              = "6. Common Name              (eg, full name)"
+commonName_max          = 64
+emailAddress            = "7. Email Address            (eg, name@fqdn)"
+emailAddress_max        = 40
+
+[ client_reqext ]
+keyUsage                = critical,digitalSignature
+extendedKeyUsage        = clientAuth
+subjectKeyIdentifier    = hash
+subjectAltName          = email:copy