mitmproxy/libmproxy/resources/ca.cnf

[ req ]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
req_extensions = v3_ca_req

[ req_distinguished_name ]
organizationName                = mitmproxy
commonName                      = mitmproxy

[ v3_ca ]
basicConstraints = critical,CA:true
keyUsage = cRLSign, keyCertSign
extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
nsCertType = sslCA

[ v3_ca_req ]
basicConstraints = critical,CA:true
keyUsage = cRLSign, keyCertSign
extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
nsCertType = sslCA

[ v3_cert ]
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
nsCertType = server

[ v3_cert_req ]
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
nsCertType = server
Clean up certificate generation. - Use templates for config files. We can re-introduce customization of the certificate attributes when we need them. - Split CA and cert generation into separate functions. - Generation methods provide an error return when generation fails. - When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist. 2011-02-19 23:12:55 +00:00			`[ req ]`
			`prompt = no`
			`distinguished_name = req_distinguished_name`
			`x509_extensions = v3_ca`
			`req_extensions = v3_ca_req`

			`[ req_distinguished_name ]`
Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00			`organizationName = mitmproxy`
			`commonName = mitmproxy`
Clean up certificate generation. - Use templates for config files. We can re-introduce customization of the certificate attributes when we need them. - Split CA and cert generation into separate functions. - Generation methods provide an error return when generation fails. - When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist. 2011-02-19 23:12:55 +00:00
			`[ v3_ca ]`
			`basicConstraints = critical,CA:true`
			`keyUsage = cRLSign, keyCertSign`
Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00			`extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC`
Clean up certificate generation. - Use templates for config files. We can re-introduce customization of the certificate attributes when we need them. - Split CA and cert generation into separate functions. - Generation methods provide an error return when generation fails. - When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist. 2011-02-19 23:12:55 +00:00			`nsCertType = sslCA`

			`[ v3_ca_req ]`
			`basicConstraints = critical,CA:true`
			`keyUsage = cRLSign, keyCertSign`
Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00			`extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC`
Clean up certificate generation. - Use templates for config files. We can re-introduce customization of the certificate attributes when we need them. - Split CA and cert generation into separate functions. - Generation methods provide an error return when generation fails. - When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist. 2011-02-19 23:12:55 +00:00			`nsCertType = sslCA`

			`[ v3_cert ]`
			`basicConstraints = CA:false`
			`keyUsage = nonRepudiation, digitalSignature, keyEncipherment`
Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00			`extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC`
Clean up certificate generation. - Use templates for config files. We can re-introduce customization of the certificate attributes when we need them. - Split CA and cert generation into separate functions. - Generation methods provide an error return when generation fails. - When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist. 2011-02-19 23:12:55 +00:00			`nsCertType = server`

			`[ v3_cert_req ]`
			`basicConstraints = CA:false`
			`keyUsage = nonRepudiation, digitalSignature, keyEncipherment`
Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00			`extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC`
Clean up certificate generation. - Use templates for config files. We can re-introduce customization of the certificate attributes when we need them. - Split CA and cert generation into separate functions. - Generation methods provide an error return when generation fails. - When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist. 2011-02-19 23:12:55 +00:00			`nsCertType = server`