# based on the prosody certs/openssl.cnf by zash - MIT license # # note: if you have an internationalized domain name, be very careful # about encoding it properly. oid_section = new_oids [ new_oids ] # RFC 3920 section 5.1.1 defines this OID xmppAddr = 1.3.6.1.5.5.7.8.5 # RFC 4985 defines this OID SRVName = 1.3.6.1.5.5.7.8.7 [ req ] default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name req_extensions = v3_extensions x509_extensions = v3_extensions string_mask = utf8only # ask about the DN? prompt = no [ distinguished_name ] commonName = example.com countryName = GB localityName = The Internet organizationName = Your Organisation organizationalUnitName = IT Department emailAddress = psycmaster@example.com [ v3_extensions ] # for certificate requests (req_extensions) # and self-signed certificates (x509_extensions) # note: setting keyUsage does not work for self-signed certs basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name [ subject_alternative_name ] # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info DNS.0 = example.com otherName.0 = SRVName;IA5STRING:_xmpp-client.example.com otherName.1 = SRVName;IA5STRING:_xmpp-server.example.com otherName.2 = SRVName;IA5STRING:_psyc.example.com