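[ req ]
# Settings read by `openssl req` when it builds the certificate signing request.
# Stray "|" lines left over from table rendering were dropped: a line with no
# "=" that is not a section header is not valid in an OpenSSL config file.

# Take the subject from [ req_distinguished_name ] instead of prompting per field.
prompt = no
# RSA key size in bits, used when the command generates a new key.
default_bits = 4096
# Digest used to sign the request.
default_md = sha256
# A newly generated private key is written to this file. Keep it readable only
# by the account that will use the certificate.
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
# Extensions placed in the request. Whether they reach the issued certificate
# is decided by the CA, not by this file.
req_extensions = req_ext
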
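[ req_distinguished_name ]
# Subject of the request, used as-is because [ req ] sets prompt = no.
# Stray "|" table-rendering lines were dropped; they are not valid config lines.
C = US
ST = Florida
L = Miami
O = Example Org
# Per-host value: the fully qualified name of the host the certificate is for.
# Keep it identical to DNS.1 in [ alt_names ].
CN = hostname123498.example.org
# Optional and disabled here.
#emailAddress = noreply@example.org
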
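[ req_ext ]
# Extensions requested for the certificate (named by req_extensions in [ req ]).
# Stray "|" table-rendering lines were dropped; they are not valid config lines.

# End-entity certificate, not a CA.
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
# 1.3.6.1.4.1.311.25.2 is szOID_NTDS_CA_SECURITY_EXT, the extension that carries
# the account SID. Its DER body is generated from [ NTDSCASecurityExt ].
# The SID is a claim made by whoever builds this request: the issuing CA must
# check it against the authenticated requester before copying it into a
# certificate, otherwise the certificate can map to a different account.
1.3.6.1.4.1.311.25.2 = ASN1:SEQUENCE:NTDSCASecurityExt
subjectAltName = @alt_names
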
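[ alt_names ]
# Subject alternative names (referenced by subjectAltName in [ req_ext ]).
# Stray "|" table-rendering lines were dropped; they are not valid config lines.

# Per-host values: DNS.1 should equal the CN in [ req_distinguished_name ].
DNS.1 = hostname123498.example.org
DNS.2 = hostname123498.subnet.example.org
# SID carried as a tag URI. Everything up to and including "sid:" is fixed text:
#   tag:microsoft.com,2022-09-14:sid:<SID>
# The separator between the date and "sid" is a colon (the original line had a
# semicolon, which is neither valid tag-URI syntax nor the documented format).
# The SID must be the same one used for "key" in [ NTDSCASecurityExt ].
URI.1 = tag:microsoft.com,2022-09-14:sid:S-1-5-21-2059058832-2300889872-1288252972-490382
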
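[ NTDSCASecurityExt ]
# Fields of the SEQUENCE that forms the body of extension 1.3.6.1.4.1.311.25.2
# (see [ req_ext ]).
# Stray "|" table-rendering lines were dropped; they are not valid config lines.

# Alternative layout that nests a further SEQUENCE ([ ExtOid ]). Left disabled
# because it does not conform to the Microsoft example.
#wrappingSeq = EXPLICIT:0,SEQUENCE:ExtOid
# EXPLICIT:0 wraps the value in context-specific tag 0, which asn1parse
# displays as: cont [ 0 ]
szOID_NTDS_OBJECTSID = EXPLICIT:0,OID:1.3.6.1.4.1.311.25.2.1
# Per-account value: the SID as text inside an OCTET STRING. It must be the same
# SID as URI.1 in [ alt_names ].
key = EXPLICIT:0,OCTETSTRING:S-1-5-21-2059058832-2300889872-1288252972-490382
# NOTE(review): as written, the OID and the OCTET STRING are two sibling [0]
# elements of the outer SEQUENCE. Dump the generated request with asn1parse and
# compare this extension with one from a certificate issued by the CA before
# relying on it for account mapping.
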
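[ ExtOid ]
# In the lines shown, this section is referenced only by the disabled
# wrappingSeq entry in [ NTDSCASecurityExt ], so it has no effect on the request.
# Stray "|" table-rendering lines were dropped; they are not valid config lines.
oid = OID:1.3.6.1.4.1.311.25.2.1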