2,3c2
< # OpenSSL example configuration file.
< # This is mostly being used for generation of certificate requests.
---
> # OpenSSL Configuration file for Condor Multi-level CA
11,29d9
< # Extra OBJECT IDENTIFIER info:
< #oid_file             = $ENV::HOME/.oid
< oid_section           = new_oids
< 
< # To use this configuration file with the "-extfile" option of the
< # "openssl x509" utility, name here the section containing the
< # X.509v3 extensions to use:
< # extensions          = 
< # (Alternatively, use a configuration file that has only
< # X.509v3 extensions in its main [= default] section.)
< 
< [ new_oids ]
< 
< # We can add new OIDs in here for use by 'ca' and 'req'.
< # Add a simple OID like this:
< # testoid1=1.2.3.4
< # Or use config file substitution like this:
< # testoid2=${testoid1}.5.6
< 
37,40c17,20
< dir           = ./demoCA              # Where everything is kept
< certs         = $dir/certs            # Where the issued certs are kept
< crl_dir               = $dir/crl              # Where the issued crl are kept
< database      = $dir/index.txt        # database index file.
---
> dir           = ./CondorSigningCA1    # Where everything is kept
> certs         = $dir/ca.db.certs      # Where the issued certs are kept
> #crl_dir              = $dir/crl      # Where the issued crl are kept
> database      = $dir/ca.db.index      # database index file.
43,46c23,26
< certificate   = $dir/cacert.pem       # The CA certificate
< serial                = $dir/serial           # The current serial number
< crl           = $dir/crl.pem          # The current CRL
< private_key   = $dir/private/cakey.pem# The private key
---
> certificate   = $dir/signing-ca.crt   # The CA certificate
> serial                = $dir/ca.db.serial     # The current serial number
> #crl          = $dir/crl.pem          # The current CRL
> private_key   = $dir/private/signing-ca.crt # The private key
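Review bot: The new `private_key = $dir/private/signing-ca.crt` line gives the key file the same name and `.crt` extension as the certificate on the `certificate` line, so only the `private/` directory tells the two apart. A key that looks like a certificate is easy to copy, publish or leave world-readable by mistake, and the name may simply be a copy-paste slip. I would use a distinct name, for example `private_key = $dir/private/signing-ca.key # The private key`, renaming the file on disk to match and keeping it readable by the CA operator only. The added `[ CA_root ]` section repeats the pattern with `$dir/private/root-ca.crt`. The section this hunk edits starts outside the hunk.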
72a53,91
> ###################################################################
> [ CA_root ]
> 
> dir             = ./CondorRootCA      # Where everything is kept
> certs           = $dir/ca.db.certs      # Where the issued certs are kept
> #crl_dir                = $dir/crl      # Where the issued crl are kept
> database        = $dir/ca.db.index      # database index file.
> new_certs_dir   = $dir/newcerts         # default place for new certs.
> 
> certificate     = $dir/root-ca.crt    # The CA certificate
> serial          = $dir/ca.db.serial     # The current serial number
> #crl            = $dir/crl.pem          # The current CRL
> private_key     = $dir/private/root-ca.crt # The private key
> RANDFILE        = $dir/private/.rand    # private random number file
> 
> x509_extensions = v3_ca              # The extentions to add to the cert
> 
> # Comment out the following two lines for the "traditional"
> # (and highly broken) format.
> name_opt        = ca_default            # Subject Name options
> cert_opt        = ca_default            # Certificate field options
> 
> # Extension copying option: use with caution.
> # copy_extensions = copy
> 
> # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
> # so this is commented out by default to leave a V1 CRL.
> # crl_extensions        = crl_ext
> 
> default_days    = 3650                   # how long to certify for
> default_crl_days= 30                    # how long before next CRL
> default_md      = md5                   # which md to use.
> preserve        = no                    # keep passed DN ordering
> 
> # A few difference way of specifying how similar the request should look
> # For type CA, the listed attributes must be the same, and the optional
> # and supplied fields are just that :-)
> policy          = policy_match
> 
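Review bot: `default_md = md5` in the new `[ CA_root ]` section means certificates issued by the root are signed with MD5, whose collision resistance is broken. Together with `x509_extensions = v3_ca` and `default_days = 3650`, this section appears to issue subordinate CA certificates valid for about ten years, so a weak signature here undermines everything chained below it. I would change the line to `default_md = sha256 # which md to use.`, provided the OpenSSL build in use supports it. The digest set in the existing signing-CA section is not visible in this diff and should be checked too.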
120c139
< countryName_default           = AU
---
> countryName_default           = US
125c144
< stateOrProvinceName_default   = Some-State
---
> stateOrProvinceName_default   = Wisconsin
127a147
> localityName_default          = Madison
130c150
< 0.organizationName_default    = Internet Widgits Pty Ltd
---
> 0.organizationName_default    = University of Wisconsin -- Madison
132,134c152,153
< # we can do this but it is not needed normally :-)
< #1.organizationName           = Second Organization Name (eg, company)
< #1.organizationName_default   = World Wide Web Pty Ltd
---
> 1.organizationName            = Second Organization Name (eg, company)
> 1.organizationName_default    = Computer Sciences Department
137c156
< #organizationalUnitName_default       =
---
> organizationalUnitName_default        = Condor Project
148,150c167,169
< challengePassword             = A challenge password
< challengePassword_min         = 4
< challengePassword_max         = 20
---
> # challengePassword           = A challenge password
> # challengePassword_min               = 4
> # challengePassword_max               = 20
152c171
< unstructuredName              = An optional company name
---
> # unstructuredName            = An optional company name