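### ==============================================================
### OpenSSL Configuration File for AAF Shibboleth Federation CA
### ==============================================================
###
## This configuration file is used to generate a Certificate Signing Request
## for the Shibboleth Federation CA.
###
### ==============================
### --- INSTRUCTIONS FOR USAGE ---
### ==============================
###
### EDITING THIS CONFIGURATION FILE
###
#
# Edit the sections below as noted in the comments. The sections that
# require editing are:
#
# [ req ] (request section)
#
# encrypt_key : set to yes if you want your private key encrypted
#
# input_password / output_password : set the encryption passphrase for
# your private key if you changed the value of encrypt_key.
#
# default_keyfile : set to the path and filename of the place you wish
# to store your private key
#
#
# [ alt_section ]
#
# Set your IP Address and DNS name information in here. If you need to
# add further entries for multi-homed systems, add extra lines and
# increment the counter
#
#
# [ req_DN_Shib ]
#
# In the Distinguished Name section edit the Organisation, OrgUnit Name,
# commonName and emailAddress fields as appropriate.
#
###
### GENERATING A CERTIFICATE SIGNING REQUEST AND PRIVATE KEY
###
#
# To generate a CSR and private key, run the following command (modifying
# the output filename):
#
# openssl req -new \
# -config openssl_shiblvl3ca_certs.cnf \
# -out idp_woolloomooloo_edu_au.shiblvl3ca.pem.csr
#
# This will create the CSR and KEY files. With encrypt_key = no (the
# default below) the KEY file is written unencrypted, so restrict its
# file permissions to the account that runs the service.
#
###
### PROCESSING THE REQUEST
###
#
#
# To have your certificate signed by the AAF Shibboleth Federation CA
# construct an email containing the Certificate Signing Request file,
#
# sp_physics_woolloomooloo_edu_au.pem.csr
#
# and the following information,
#
# Requester Name: (Full Name)
# Requester Institution: (University of Woolloomooloo)
# Requester Section: (Department of Physics)
# Requester Telephone: (+61 X XXXX XXXX)
# Requester Email: (j.bloggs@physics.woolloomooloo.edu.au)
#
# and send it to AusCERT at the following email address.
#
# AAF Shibboleth Federation CA
#
# with a subject like
#
# Subject: Service Provider CSR for sp.physics.woolloomooloo.edu.au
#
# or (for an attribute authority)
#
# Subject: Attribute Authority CSR for idp.woolloomooloo.edu.au
#
### ============================================
### --- CONFIGURATION FILE INFORMATION BELOW ---
### ============================================
###
### Request Section
###
[ req ]
# No interactive prompting: every DN field comes from req_DN_Shib below
prompt = no
# Keep the email address out of the subject DN; it goes in subjectAltName
email_in_dn = no
dirstring_type = nobmp
nameopt = RFC2253
# Section holding the X509v3 extensions requested in the CSR
req_extensions = req_extensions
# Section holding the PKCS#10 request attributes
attributes = req_attributes

###
### Set the keyfile parameters
###
encrypt_key = no
default_keyfile = idp_woolloomooloo_edu_au.shiblvl3ca.pem.key
# input_password / output_password are only consulted when encrypt_key = yes.
# The values below are placeholders: replace them before use and do not
# keep a real passphrase in a copy of this file that is shared or checked in.
input_password = test passphrase
output_password = test passphrase
# RSA key size in bits
default_bits = 2048
# Digest used to self-sign the CSR. SHA-1 signatures are no longer accepted
# by current CAs and OpenSSL builds, so SHA-256 is used instead.
default_md = sha256

###
### DN section for a Shibboleth Service Provider
###
distinguished_name = req_DN_Shib

## ------------------------------
## Requested X509 Extensions
## ------------------------------
[ req_extensions ]
subjectAltName=@alt_section

[ alt_section ]
###
### - EDIT the Email address, IP and DNS names of your host and add extra
### - entries (IP.4, DNS.5, etc) if your host is multi-homed
###
# OpenSSL only requires the key names in this section to be unique; the
# numeric suffix is a counter, not a type-specific index, so keep incrementing
# it across email/IP/DNS entries. The DNS entry must match the hostname used
# in commonName below.
email.1=idp_admin@its.woolloomooloo.edu.au
IP.2=10.0.0.1
DNS.3=idp.woolloomooloo.edu.au

## ---------------------
## Shibboleth DN Section
## ---------------------
[ req_DN_Shib ]
countryName = AU
organizationName = The University of Woolloomooloo
organizationalUnitName = Information Technology Services
###
### - EDIT commonName and emailAddress as appropriate
###
### ensure the common name comprises the following
### "FQDN Hostname/Attribute Authority" or
### "FQDN Hostname/Service Provider"
###
# A second organizationalUnitName is added with the "1." prefix because
# OpenSSL config sections cannot repeat a key name verbatim.
#1.organizationalUnitName = Service Provider
#commonName = sp.physics.woolloomooloo.edu.au
1.organizationalUnitName = Attribute Authority
# Hostname here is spelled the same as DNS.3 in alt_section so the subject
# and the subjectAltName agree.
commonName = idp.woolloomooloo.edu.au

## ------------------------------
## Request Attributes
## ------------------------------
[ req_attributes ]
# Leave these commented unless the CA asks for a challenge password;
# it is sent in the clear inside the CSR.
#challengePassword = A challenge password
#challengePassword_min = 4
#challengePassword_max = 20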