What exactly does the configuration of the policy subfield in the ca_default section of the ca.cnf file mean?
I don't know if I can post questions frequently. I apologize in advance for your understanding. Also, thank you for answering my existing questions. I'm trying to figure out exactly what the certificate consists of. Currently, both certificate issuance and certificate authentication are available. However, while studying how to set it up "properly," I had a question about the ca.cnf file. As far as I can see, if you specify policy_match in the policy of server.cnf, it will be compared with the CA certificate based on the [policy_match] section to decide whether to generate it or not. However, the policy in ca.cnf Specifying policy_match and changing the settings in the policy_match section didn't cause any problems. What is the significance of this section's existence? PS) This is my first time using this site. Can I only receive emails about the questions I asked? Unless you opt out of receiving all emails, there is a problem because all posts are sent via email no matter what settings you change.
On Jan 23, 2024, at 11:25 AM, 남혁준 <sawd1598@gmail.com> wrote:
As far as I can see, if you specify policy_match in the policy of server.cnf, it will be compared with the CA certificate based on the [policy_match] section to decide whether to generate it or not.
However, the policy in ca.cnf Specifying policy_match and changing the settings in the policy_match section didn't cause any problems.
What is the significance of this section's existence?
That configuration file is for OpenSSL. The file is used to create the certificates. The contents are all controlled by OpenSSL. You'll have to read the OpenSSL documentation to see what those fields are, and what they do.
PS) This is my first time using this site. Can I only receive emails about the questions I asked?
That's not how the list works, unfortunately. Alan DeKok.
participants (2)
-
Alan DeKok -
남혁준