1 # X.509 Certificate options
5 # The organization of the subject.
8 # The organizational unit of the subject.
11 # The locality of the subject.
14 # The state of the certificate owner.
17 # The country of the subject. Two letter code.
20 # The common name of the certificate owner.
23 # A user id of the certificate owner.
26 # If the supported DN OIDs are not adequate you can set
28 # For example set the X.520 Title and the X.520 Pseudonym
29 # by using OID and string pairs.
30 #dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
32 # This is deprecated and should not be used in new
34 # pkcs9_email = "none@none.org"
36 # The serial number of the certificate
39 # In how many days, counting from today, this certificate will expire.
44 # A dnsname in case of a WWW server.
45 #dns_name = "www.none.org"
47 # An IP address in case of a server.
48 #ip_address = "192.168.1.1"
50 # An email in case of a person
53 # An URL that has CRLs (certificate revocation lists)
54 # available. Needed in CA certificates.
55 #crl_dist_points = "http://www.getcrl.crl/getcrl/"
57 # Whether this is a CA certificate or not
60 # Whether this certificate will be used for a TLS client
63 # Whether this certificate will be used for a TLS server
66 # Whether this certificate will be used to sign data (needed
67 # in TLS DHE ciphersuites).
70 # Whether this certificate will be used to encrypt data (needed
71 # in TLS RSA ciphersuites). Note that it is prefered to use different
72 # keys for encryption and signing.
75 # Whether this key will be used to sign other certificates.
78 # Whether this key will be used to sign CRLs.
81 # Whether this key will be used to sign code.
84 # Whether this key will be used to sign OCSP data.
87 # Whether this key will be used for time stamping.