certificate CA certificate private_key CA private key serial The serial number which the CA is currently at. Openssl uses this internally to keep track of things. database This is the database of signed certificates. This is, as you might expect, where certs go after we sign them. "dir" is not a key that openssl recognizes, so it's just a varible.Ĭerts / new_certs_dir Depending on version, one or the other of these may be used, so we assign one a value and assign it to the other. Here we start our CA_default section and defined a variable to hold our base directory. This "default" section to use can be overridden by passing -name to ca. However, the only thing that should be in the CA section is the name of the default CA's section. The "ca" section defines the way the CA acts when using the ca command to sign certificates. This means there is no finite list of possible sections that the parser understands. Sometimes a key's value is expected to be a section name. Anything within a section is a simple key=value pair. For starters, it's an INI-type file, which means sections begin with and run until the next section begins. Let's start with how the file is structured. But most options are documented in in the man pages of the subcommands they relate to, and its hard to get a full picture of how the config file works. The man page for nf covers syntax, and in some cases specifics.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |