[jdev] generating XMPP certs with OpenSSL
Tony Finch
dot at dotat.at
Thu May 25 14:18:42 CDT 2006
Here's an example of an OpenSSL configuration file that appears to
generate the right kind of CSRs and self-signed certs. Note that
you need OpenSSL 0.9.8 or newer.
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
[ req ]
default_bits = 1024
default_keyfile = dotat.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions
# don't ask about the DN
prompt = no
[ distinguished_name ]
countryName = GB
stateOrProvinceName = England
localityName = Cambridge
organizationName = dotat labs
commonName = dotat.at
[ v3_extensions ]
# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
[ subject_alternative_name ]
DNS = dotat.at
otherName = xmppAddr;UTF8:dotat.at
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
DOGGER FISHER GERMAN BIGHT: WEST OR NORTHWEST 4 OR 5, OCCASIONALLY 6 IN
FISHER, BECOMING VARIABLE 3 OR 4 IN DOGGER AND GERMAN BIGHT. RAIN OR SHOWERS.
MODERATE OR GOOD.
More information about the JDev
mailing list