We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent e5207c2 commit a8dd5c7Copy full SHA for a8dd5c7
blog/25-09-29/name-constraints-in-x509-certificate/ex/config.txt
@@ -0,0 +1,19 @@
1
+[ req ]
2
+distinguished_name = req_distinguished_name
3
+x509_extensions = v3_ca
4
+prompt = no
5
+
6
+[ req_distinguished_name ]
7
+CN = My Test CA
8
9
+[ v3_ca ]
10
+basicConstraints = critical, CA:TRUE
11
+keyUsage = critical, keyCertSign, cRLSign
12
+subjectKeyIdentifier = hash
13
+nameConstraints = critical, @nc
14
15
+[ nc ]
16
+permitted;DNS.1 = .example.com
17
+permitted;DNS.2 = .internal.local
18
+excluded;DNS.1 = .malicious.com
19
+permitted;IP.1 = 192.168.0.0/255.255.0.0
0 commit comments