tools/stunnel.cnf - nest-cam/v350/stunnel - Git at Google

 # OpenSSL configuration file to create a server certificate
 # by Michal Trojnara 1998-2015

 [ req ]
 # comment out the next line to protect the private key with a passphrase
 encrypt_key                     = no
 # the default key length is secure and quite fast - do not change it
 default_bits                    = 2048
 default_md                      = sha1
 x509_extensions                 = stunnel_extensions
 distinguished_name              = stunnel_dn

 [ stunnel_extensions ]
 nsCertType                      = server
 basicConstraints                = CA:TRUE,pathlen:0
 keyUsage                        = keyCertSign
 extendedKeyUsage                = serverAuth
 nsComment                       = "stunnel self-signed certificate"

 [ stunnel_dn ]
 countryName = Country Name (2 letter code)
 countryName_default             = PL
 countryName_min                 = 2
 countryName_max                 = 2

 stateOrProvinceName             = State or Province Name (full name)
 stateOrProvinceName_default     = Mazovia Province

 localityName                    = Locality Name (eg, city)
 localityName_default            = Warsaw

 organizationName                = Organization Name (eg, company)
 organizationName_default        = Stunnel Developers

 organizationalUnitName          = Organizational Unit Name (eg, section)
 organizationalUnitName_default  = Provisional CA

 0.commonName                    = Common Name (FQDN of your server)
 0.commonName_default            = localhost

 # To create a certificate for more than one name uncomment:
 # 1.commonName                  = DNS alias of your server
 # 2.commonName                  = DNS alias of your server
 # ...
 # See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
 # to see how Netscape understands commonName.
	# OpenSSL configuration file to create a server certificate
	# by Michal Trojnara 1998-2015

	[ req ]
	# comment out the next line to protect the private key with a passphrase
	encrypt_key = no
	# the default key length is secure and quite fast - do not change it
	default_bits = 2048
	default_md = sha1
	x509_extensions = stunnel_extensions
	distinguished_name = stunnel_dn

	[ stunnel_extensions ]
	nsCertType = server
	basicConstraints = CA:TRUE,pathlen:0
	keyUsage = keyCertSign
	extendedKeyUsage = serverAuth
	nsComment = "stunnel self-signed certificate"

	[ stunnel_dn ]
	countryName = Country Name (2 letter code)
	countryName_default = PL
	countryName_min = 2
	countryName_max = 2

	stateOrProvinceName = State or Province Name (full name)
	stateOrProvinceName_default = Mazovia Province

	localityName = Locality Name (eg, city)
	localityName_default = Warsaw

	organizationName = Organization Name (eg, company)
	organizationName_default = Stunnel Developers

	organizationalUnitName = Organizational Unit Name (eg, section)
	organizationalUnitName_default = Provisional CA

	0.commonName = Common Name (FQDN of your server)
	0.commonName_default = localhost

	# To create a certificate for more than one name uncomment:
	# 1.commonName = DNS alias of your server
	# 2.commonName = DNS alias of your server
	# ...
	# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
	# to see how Netscape understands commonName.