Jump to navigation Jump to search
no edit summary
This page provides an example of an OpenSSL configuration file that appears to generate Certificate Signing Requests (CSRs) and self-signed certificates that conform to the format defined in RFC 3920 (note: you need OpenSSL 0.9.8 or newer). If you find errors on this page, please fix them! Naturally you can create a certificate at the [ XMPP ICA] and ask the ICA to create the CSR for you, so this step is not strictly necessary (other CAs may offer a similar service).

oid_section = new_oids

[ new_oids ]

# RFC 3920 section 5.1.1 defines this OID

xmppAddr =

[ req ]

default_bits = 1024
default_keyfile = dotat.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions

# don't ask about the DN
prompt = no

[ distinguished_name ]

countryName = GB
stateOrProvinceName = England
localityName = Cambridge
organizationName = dotat labs

commonName =

[ v3_extensions ]

# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)

basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
subjectAltName = @subject_alternative_name

[ subject_alternative_name ]

DNS.0 =
otherName.0 = xmppAddr;
Append the following for a server which handles multiple domain names:
DNS.1 =
otherName.1 = xmppAddr;
Thanks to Tony Finch for the information.


Navigation menu