# nano /etc/ssl/openssl-server.cnf
HOME = .
RANDFILE = $ENV::HOME/.rnd
####################################################################
[ req ]
default_bits = 2048
default_keyfile = serverkey.pem
distinguished_name = server_distinguished_name
req_extensions = server_req_extensions
string_mask = utf8only
####################################################################
[ server_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = PL
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Mazowieckie
localityName = Locality Name (eg, city)
localityName_default = Warszawa
organizationName = Organization Name (eg, company)
organizationName_default = H25.pl
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = mail.h25.pl
emailAddress = Email Address
emailAddress_default = cert@h25.pl
####################################################################
[ server_req_extensions ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
####################################################################
[ alternate_names ]
DNS.1 = h25.pl
DNS.2 = www.h25.pl
DNS.3 = crl.h25.pl
DNS.4 = ftp.h25.pl
DNS.5 = mail.h25.pl
IP.1 = 127.0.0.1
IP.2 = ::1