|The Open–source PKI Book: A guide to PKIs and Open–source Implementations|
|Prev||Appendix D. OpenCA Installation details||Next|
These are configuration instructions for the openssl.cnf of the CAServer.
We describe the values in this file that require modification. Most of the default values remain the same.
In the [ CA_default ] section, the value of dir should be changed to the directory that has the Certification Authority installed. Typically, it is /usr/local/OpenCA.
In the [ req ] section, you should modify all the variables that their name ends with _default . The default values of these variables serve as an example. These are:
Table D-7. openssl.cnf default values
|1.organizationName_default||Arts Buildings Ltd|
The essence of the default values is that when you create new users, you are prompted with these values. If this value applies to the user, you can accept it without having to retype it.
For the country name, you need to specify the ISO 3166 country code. There are two- and three-letter country codes. The current configuration supports two-letter codes.
Notice that in some cases, the ISO 3166 is not the same with the Internet country domain name. For example, for the United Kingdom, the ISO 3166 country code is GB.
In the [ user_cert ] section, you may need to modify the nsCertType variable. With this variable, you specify the capabilities of the certificate. This area will be tackled in future versions of this document.
In the [ user_cert ] section, you can set the comment that appears in the Certificate Signers' Certificate window. The variable is nsComment and you should provide a suitable description for the certificate.
In the [ user_cert ] section, you can specify the revocation URLs for both the Root CA Certificate and the other certificates.
In the same group of variables, care should be taken with the nsSslServerName variable as it crashes certain versions of the Netscape® WWW browser, if it is set.