These are configuration instructions for the openssl.cnf of the CAServer.
We shall describe the values in this file that have to be modified. Most of the default values will stay the same.
In the [ CA_default ] section, the value of dir should be changed to the directory that has the Certification Authority installed. Typically, it is /usr/local/OpenCA.
In the [ req ] section, you should modify all the variables whose names end with _default. The default values of these variables can serve as an example. These are:
Table C-1. openssl.cnf default values
Variable | Sample value |
---|---|
organizationalUnitName_default | OpenCA User |
0.organizationName_default | OpenCA |
countryName_default | GB |
stateOrProvinceName_default | Surrey |
1.organizationName_default | Arts Buildings Ltd |
Note: The essence of the default values is that when you create new users, you will be prompted with these values. If a value applies to the user, you can accept it without having to retype it.
Note: For the country name, you need to specify the ISO 3166 country code. There are two-letter and three-letter country codes. The current configuration accepts only two-letter codes.
Note: In some cases, the ISO 3166 code is not the same as the Internet country domain name. For example, for the United Kingdom, the ISO 3166 country code is GB.
In the [ user_cert ] section, you may need to modify the nsCertType variable. With this variable, you specify the capabilities of the certificate. This area will be tackled in future versions of this document.
In the [ user_cert ] section, you can set the comment that will appear in the Certificate Signers' Certificate window. The variable is nsComment and it is recommended to provide a suitable description for the certificate.
In the [ user_cert ] section, you can specify the revocation URLs for both the Root CA Certificate and the other certificates. TODO AUTHOR - FUNCTIONALITY? LIST THEM.
Note: In the same group of variables, care should be taken with the nsSslServerName variable as it crashes certain versions of the Netscape® WWW browser, if it is set.
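The settings reviewed above can be checked mechanically before the CA is put into service. The following is an added example, not part of OpenCA or of the original document: the names parse_cnf, lint, SAMPLE and DOMAIN_NOT_ISO are hypothetical, the sample file is constructed, and the requirement that dir be an absolute path is an assumption.

```python
import re

# Constructed sample in the layout the page describes; not a real OpenCA file.
SAMPLE = """\
[ CA_default ]
dir = ./demoCA                      # not yet pointed at the CA install
[ req ]
countryName_default = UK            # Internet domain, not the ISO 3166 code
stateOrProvinceName_default = Surrey
0.organizationName_default = OpenCA
1.organizationName_default = Arts Buildings Ltd
organizationalUnitName_default = OpenCA User
[ user_cert ]
nsComment = "OpenCA user certificate"
nsSslServerName = www.example.org
"""

# The one mismatch the page names: United Kingdom is GB in ISO 3166.
DOMAIN_NOT_ISO = {"UK": "GB"}

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value.strip('"')
    return sections

def lint(text):
    """Return findings for the settings this appendix asks you to review."""
    cfg, findings = parse_cnf(text), []
    if not cfg.get("CA_default", {}).get("dir", "").startswith("/"):
        findings.append("CA_default: dir is unset or relative")  # assumption: absolute path wanted
    for section, values in cfg.items():
        for key, value in values.items():
            if key != "countryName_default":
                continue
            if value in DOMAIN_NOT_ISO:
                findings.append(f"{section}: {key} should be {DOMAIN_NOT_ISO[value]}")
            elif not re.fullmatch(r"[A-Z]{2}", value):
                findings.append(f"{section}: {key} must be a two-letter code")
    if "nsSslServerName" in cfg.get("user_cert", {}):
        findings.append("user_cert: nsSslServerName is set")
    return findings
```

Calling lint(SAMPLE) returns three findings: the relative dir, the UK country code, and the nsSslServerName entry.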