You use the configuration file to generate a certificate for the Mirage Gateway server.

Prerequisites

Procedure

  1. Create a configuration file in C:\certs named server.conf.
  2. Add the required information to the configuration file.

    Change the information in italics to match your environment.

    [ ca ]
    default_ca = myca
    
    [ crl_ext ]
    authorityKeyIdentifier=keyid:always
    
    [ myca ]
    dir = ./
    new_certs_dir = $dir
    unique_subject = no
    certificate = $dir/root.cer
    database = $dir/certindex
    private_key = $dir/privkey.pem
    serial = $dir/certserial
    default_days = #ofdays
    default_md = sha512
    policy = myca_policy
    x509_extensions = myca_extensions
    crlnumber = $dir/crlnumber
    default_crl_days = #ofcrldays
    
    [ myca_policy ]
    commonName = supplied
    stateOrProvinceName = optional
    localityName = optional
    countryName = optional
    emailAddress = optional
    organizationName = optional
    organizationalUnitName = optional
    
    [ myca_extensions ]
    basicConstraints = CA:false
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always
    keyUsage = digitalSignature,keyEncipherment,dataEncipherment
    extendedKeyUsage = serverAuth
    # Alternative Subject Name defined in alt_names
    # subjectAltName  = @alt_names
    
    [alt_names]
    # if it contains dns type name, then it MUST be used and CN of subject MUST be ignored. Please refer to rfc2818 for details.
    # following items as example:
    #dns.1=*.miragedomain.com
    #dns.2=*.example.com
    
    

    #ofdays is the number of days the certificate is valid. #ofcrldays is the number of days before the next CRL.

Results

The OpenSSL configuration file for the Mirage Gateway server is created.

What to do next

Generate the certificate request.