1# $OpenBSD: crt.in,v 1.3 2021/12/21 13:50:35 tobhe Exp $ 2 3[ req ] 4default_bits = 2048 # default strength of client certificates 5default_md = sha2 6encrypt_key = yes # "no" is equivalent to -nodes 7prompt = no 8string_mask = utf8only 9distinguished_name = dn # root certificate name 10req_extensions = req_cert_extensions 11 12[dn] 13C=DE 14ST=Bavaria 15L=Munich 16O=iked 17CN=${ENV::ALTNAME} 18 19[ req_cert_extensions ] 20subjectAltName = @alt_names #;otherName = ${ENV::ALTNAME}-other 21 22[ v3_intermediate_ca ] 23basicConstraints = critical, CA:true, pathlen:0 24 25[ alt_names ] 26DNS.1=${ENV::ALTNAME} 27DNS.2=${ENV::ALTNAME}-alternative 28email= ${ENV::ALTNAME}@openbsd.org 29