You use the configuration file to generate a certificate for the Mirage Gateway server.

1. Create a configuration file in C:\certs named server.conf.
2. Add the required information to the configuration file.

   Change the information in italics to match your environment.

   [ ca ]
   default_ca = myca
   
   [ crl_ext ]
   authorityKeyIdentifier=keyid:always
   
   [ myca ]
   dir = ./
   new_certs_dir = $dir
   unique_subject = no
   certificate = $dir/root.cer
   database = $dir/certindex
   private_key = $dir/privkey.pem
   serial = $dir/certserial
   default_days = #ofdays
   default_md = sha512
   policy = myca_policy
   x509_extensions = myca_extensions
   crlnumber = $dir/crlnumber
   default_crl_days = #ofcrldays
   
   [ myca_policy ]
   commonName = supplied
   stateOrProvinceName = optional
   localityName = optional
   countryName = optional
   emailAddress = optional
   organizationName = optional
   organizationalUnitName = optional
   
   [ myca_extensions ]
   basicConstraints = CA:false
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always
   keyUsage = digitalSignature,keyEncipherment,dataEncipherment
   extendedKeyUsage = serverAuth
   # Alternative Subject Name defined in alt_names
   # subjectAltName  = @alt_names
   
   [alt_names]
   # if it contains dns type name, then it MUST be used and CN of subject MUST be ignored. Please refer to rfc2818 for details.
   # following items as example:
   #dns.1=*.miragedomain.com
   #dns.2=*.example.com
   
   

   #ofdays is the number of days the certificate is valid. #ofcrldays is the number of days before the next CRL.

Results

The OpenSSL configuration file for the Mirage Gateway server is created.

What to do next

Generate the certificate request.