stunnel4/tools/openssl.cnf

# OpenSSL configuration file to create a server certificate
# by Michal Trojnara 1998-2017

[ req ]
# comment out the next line to protect the private key with a passphrase
encrypt_key                     = no
# the default key length is secure and quite fast - do not change it
default_bits                    = 2048
default_md                      = sha1
x509_extensions                 = stunnel_extensions
distinguished_name              = stunnel_dn

[ stunnel_extensions ]
nsCertType                      = server
basicConstraints                = CA:TRUE,pathlen:0
keyUsage                        = keyCertSign
extendedKeyUsage                = serverAuth
nsComment                       = "stunnel self-signed certificate"

[ stunnel_dn ]
countryName = Country Name (2 letter code)
countryName_default             = PL
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Mazovia Province

localityName                    = Locality Name (eg, city)
localityName_default            = Warsaw

organizationName                = Organization Name (eg, company)
organizationName_default        = Stunnel Developers

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Provisional CA

0.commonName                    = Common Name (FQDN of your server)
0.commonName_default            = localhost

# To create a certificate for more than one name uncomment:
# 1.commonName                  = DNS alias of your server
# 2.commonName                  = DNS alias of your server
# ...
# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
# to see how Netscape understands commonName.
Imported Upstream version 4.53 2017-03-28 09:58:13 +02:00			`# OpenSSL configuration file to create a server certificate`
Imported Upstream version 5.42 2017-11-15 15:03:25 +01:00			`# by Michal Trojnara 1998-2017`
Imported Upstream version 4.53 2017-03-28 09:58:13 +02:00
			`[ req ]`
			`# comment out the next line to protect the private key with a passphrase`
			`encrypt_key = no`
Imported Upstream version 5.42 2017-11-15 15:03:25 +01:00			`# the default key length is secure and quite fast - do not change it`
			`default_bits = 2048`
			`default_md = sha1`
			`x509_extensions = stunnel_extensions`
			`distinguished_name = stunnel_dn`
Imported Upstream version 4.53 2017-03-28 09:58:13 +02:00
Imported Upstream version 5.42 2017-11-15 15:03:25 +01:00			`[ stunnel_extensions ]`
			`nsCertType = server`
			`basicConstraints = CA:TRUE,pathlen:0`
			`keyUsage = keyCertSign`
			`extendedKeyUsage = serverAuth`
			`nsComment = "stunnel self-signed certificate"`

			`[ stunnel_dn ]`
Imported Upstream version 4.53 2017-03-28 09:58:13 +02:00			`countryName = Country Name (2 letter code)`
			`countryName_default = PL`
			`countryName_min = 2`
			`countryName_max = 2`

			`stateOrProvinceName = State or Province Name (full name)`
			`stateOrProvinceName_default = Mazovia Province`

			`localityName = Locality Name (eg, city)`
			`localityName_default = Warsaw`

			`organizationName = Organization Name (eg, company)`
			`organizationName_default = Stunnel Developers`

			`organizationalUnitName = Organizational Unit Name (eg, section)`
			`organizationalUnitName_default = Provisional CA`

			`0.commonName = Common Name (FQDN of your server)`
			`0.commonName_default = localhost`

			`# To create a certificate for more than one name uncomment:`
			`# 1.commonName = DNS alias of your server`
			`# 2.commonName = DNS alias of your server`
			`# ...`
			`# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html`
			`# to see how Netscape understands commonName.`