1252ab50eSmiod# default settings 2252ab50eSmiodCERTPATHLEN = 1 3252ab50eSmiodCERTUSAGE = digitalSignature,keyCertSign,cRLSign 4252ab50eSmiodEXTCERTUSAGE = serverAuth,clientAuth 5252ab50eSmiodCERTIP = 0.0.0.0 6252ab50eSmiodCERTFQDN = nohost.nodomain 7252ab50eSmiod 8252ab50eSmiod# This section should be referenced when building an x509v3 CA 9252ab50eSmiod# Certificate. 10*be7b688eStobias# The default path length and the key usage can be overridden 11252ab50eSmiod# modified by setting the CERTPATHLEN and CERTUSAGE environment 12252ab50eSmiod# variables. 13252ab50eSmiod[x509v3_CA] 14252ab50eSmiodbasicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN 15252ab50eSmiodkeyUsage=$ENV::CERTUSAGE 16252ab50eSmiod 17252ab50eSmiod# This section should be referenced to add an IP Address 18252ab50eSmiod# as an alternate subject name, needed by isakmpd 19252ab50eSmiod# The address must be provided in the CERTIP environment variable 20252ab50eSmiod[x509v3_IPAddr] 21252ab50eSmiodsubjectAltName=IP:$ENV::CERTIP 22252ab50eSmiodextendedKeyUsage=$ENV::EXTCERTUSAGE 23252ab50eSmiod 24252ab50eSmiod# This section should be referenced to add a FQDN hostname 25252ab50eSmiod# as an alternate subject name, needed by isakmpd 26252ab50eSmiod# The address must be provided in the CERTFQDN environment variable 27252ab50eSmiod[x509v3_FQDN] 28252ab50eSmiodsubjectAltName=DNS:$ENV::CERTFQDN 29252ab50eSmiodextendedKeyUsage=$ENV::EXTCERTUSAGE 30