# OpenSSL configuration file to create a server certificate | |
# by Michal Trojnara 1998-2015 | |
[ req ] | |
# comment out the next line to protect the private key with a passphrase | |
encrypt_key = no | |
# the default key length is secure and quite fast - do not change it | |
default_bits = 2048 | |
default_md = sha1 | |
x509_extensions = stunnel_extensions | |
distinguished_name = stunnel_dn | |
[ stunnel_extensions ] | |
nsCertType = server | |
basicConstraints = CA:TRUE,pathlen:0 | |
keyUsage = keyCertSign | |
extendedKeyUsage = serverAuth | |
nsComment = "stunnel self-signed certificate" | |
[ stunnel_dn ] | |
countryName = Country Name (2 letter code) | |
countryName_default = PL | |
countryName_min = 2 | |
countryName_max = 2 | |
stateOrProvinceName = State or Province Name (full name) | |
stateOrProvinceName_default = Mazovia Province | |
localityName = Locality Name (eg, city) | |
localityName_default = Warsaw | |
organizationName = Organization Name (eg, company) | |
organizationName_default = Stunnel Developers | |
organizationalUnitName = Organizational Unit Name (eg, section) | |
organizationalUnitName_default = Provisional CA | |
0.commonName = Common Name (FQDN of your server) | |
0.commonName_default = localhost | |
# To create a certificate for more than one name uncomment: | |
# 1.commonName = DNS alias of your server | |
# 2.commonName = DNS alias of your server | |
# ... | |
# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html | |
# to see how Netscape understands commonName. | |