blob: faa269c3797a07ee383de507352fa6bdf1aa5271 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
[req]
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert
x509_extensions = v3_ca
# Run non-interactively
prompt = no
[req_distinguished_name]
# Certificate subject
#countryName = US
#stateOrProvinceName = CA
#localityName = Sunnyvale
#organizationName = xrdp
#organizationalUnitName =
commonName = XRDP
#emailAddress =
[v3_ca]
# Extensions for a typical CA - PKIX recommendation.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical, CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
#keyUsage = cRLSign, keyCertSign
# Some might want this also
#nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
#subjectAltName = email:copy
# Copy issuer details
#issuerAltName = issuer:copy
# DER hex encoding of an extension: experts only!
#obj = DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
#basicConstraints = critical, DER:30:03:01:01:FF
|
