-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'refs/remotes/origin/gh-windows' into gh…
…-windows
- Loading branch information
Showing
3 changed files
with
59 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| [ req ] | ||
| default_bits = 2048 | ||
| default_keyfile = server-key.pem | ||
| distinguished_name = subject | ||
| req_extensions = req_ext | ||
| x509_extensions = x509_ext | ||
| string_mask = utf8only | ||
|
|
||
| # The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description). | ||
| # Its sort of a mashup. For example, RFC 4514 does not provide emailAddress. | ||
| [ subject ] | ||
| countryName = US | ||
| stateOrProvinceName = NY | ||
| localityName = New York | ||
| organizationName = Example, LLC | ||
|
|
||
| # Use a friendly name here because its presented to the user. The server's DNS | ||
| # names are placed in Subject Alternate Names. Plus, DNS names here is deprecated | ||
| # by both IETF and CA/Browser Forums. If you place a DNS name here, then you | ||
| # must include the DNS name in the SAN too (otherwise, Chrome and others that | ||
| # strictly follow the CA/Browser Baseline Requirements will fail). | ||
| commonName = Example Company | ||
|
|
||
| emailAddress = [email protected] | ||
|
|
||
| # Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ... | ||
| [ x509_ext ] | ||
|
|
||
| subjectKeyIdentifier = hash | ||
| authorityKeyIdentifier = keyid,issuer | ||
|
|
||
| basicConstraints = CA:FALSE | ||
| keyUsage = digitalSignature, keyEncipherment | ||
| extendedKeyUsage = clientAuth, serverAuth | ||
| subjectAltName = @alternate_names | ||
|
|
||
| # RFC 5280, Section 4.2.1.12 makes EKU optional | ||
| # CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused | ||
| # extendedKeyUsage = serverAuth, clientAuth | ||
|
|
||
| # Section req_ext is used when generating a certificate signing request. I.e., openssl req ... | ||
| [ req_ext ] | ||
|
|
||
| subjectKeyIdentifier = hash | ||
|
|
||
| basicConstraints = CA:FALSE | ||
| keyUsage = digitalSignature, keyEncipherment | ||
| extendedKeyUsage = clientAuth, serverAuth | ||
| subjectAltName = @alternate_names | ||
|
|
||
| # RFC 5280, Section 4.2.1.12 makes EKU optional | ||
| # CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused | ||
| # extendedKeyUsage = serverAuth, clientAuth | ||
|
|
||
| [ alternate_names ] | ||
|
|
||
| DNS.1 = python.org | ||
| DNS.2 = www.python.org |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters