/etc/tigervnc/ssleay.cnf is in tigervnc-standalone-server 1.7.0+dfsg-8ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# This openssl configuration file is used to auto generate a self signed
# certificate for the -X509Cert and -X509Key options of the Xtigervnc server.
# The magic @HostName@ value is substituted by the fully qualified domain name
# of the machine. The openssl command used to auto generate the certificate is
# specified in /etc/vnc.conf with the $sslAutoGenCertCommand option.
#
# If the user wants their own certificate, instead of the on demand auto
# generated one, they can either specify it via the -X509Cert and -X509Key
# options to tigervncserver or replace the auto generated files
# ~/.vnc/${HOSTFQDN}-SrvCert.pem and ~/.vnc/${HOSTFQDN}-SrvKey.pem in their
# home directory. These files will not be overwritten once generated by the
# tigervncserver wrapper script.
# Global key (outside any section): names the file openssl uses for random
# seed data. Here it points at the kernel device /dev/urandom rather than a
# per-user seed file.
# NOTE(review): how far this key is honoured depends on the OpenSSL version
# that reads the file -- confirm against the installed release.
RANDFILE = /dev/urandom
# Settings for "openssl req", which generates the self signed certificate.
# Because the result is self signed, a VNC client can only authenticate the
# server if this exact certificate (or its fingerprint) was given to the
# client over a trusted channel; otherwise the TLS layer encrypts but does not
# identify the peer.
[ req ]
# Size in bits of the generated private key.
default_bits = 4096
# Default file name for the private key when the command line gives none.
default_keyfile = privkey.pem
# Section that supplies the certificate subject.
distinguished_name = req_distinguished_name
# Take the subject fields from the section above without asking the user.
prompt = no
# NOTE(review): "policy" is normally an option of the "openssl ca" command and
# no policy_anything section is defined in this file, so this line looks
# unused here -- confirm before relying on it.
policy = policy_anything
# The same extension section is applied to certificate requests and to self
# signed certificates.
req_extensions = v3_req
x509_extensions = v3_req
# Passwords for private keys; if not present they will be prompted for.
# NOTE(review): keep these commented out. This file is packaged as root:root
# mode 0644, so a pass phrase written here would be readable by every local
# user. Whether the generated key is encrypted at all is decided by the
# command in $sslAutoGenCertCommand (/etc/vnc.conf), which is not shown here;
# if it writes the key unencrypted, the permissions of
# ~/.vnc/${HOSTFQDN}-SrvKey.pem are the only protection -- verify that the file
# is readable by its owner only.
# input_password = secret
# output_password = secret
# This option specifies the digest algorithm used for signing. It is set
# explicitly to sha256; md5 and sha1 are also accepted as values but are no
# longer collision resistant and should not be used for certificates. The
# built-in default when this option is absent depends on the OpenSSL version
# (older releases used MD5), so keep the explicit setting. This option can be
# overridden on the command line.
default_md = sha256
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# Subject of the generated certificate; only the common name is set.
[ req_distinguished_name ]
# @HostName@ is a placeholder, not OpenSSL syntax: it is substituted by the
# fully qualified domain name of the machine (presumably by the tigervncserver
# wrapper script before openssl reads the configuration -- confirm).
commonName = @HostName@
# X.509 v3 extensions for the generated certificate; referenced by both
# req_extensions and x509_extensions in [ req ].
[ v3_req ]
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
# CA:FALSE states that this certificate must not be used to sign others.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# NOTE(review): nsCertType is a legacy Netscape extension. No
# extendedKeyUsage is set in this section, so the standard extension does not
# restrict the certificate to TLS server authentication; consider whether
# "extendedKeyUsage = serverAuth" should be added -- confirm that the VNC
# clients in use accept it.
nsCertType = server
# This is typical in keyUsage for a client certificate.
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Active value for the server certificate: the client example above without
# nonRepudiation.
keyUsage = digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
# For a self signed certificate the issuing authority is the certificate
# itself.
authorityKeyIdentifier=keyid,issuer
# "@alt_names" is an OpenSSL section reference to [alt_names] below, not a
# substituted placeholder like @HostName@.
subjectAltName = @alt_names
# DNS names the certificate is valid for; used as subjectAltName by [ v3_req ].
[alt_names]
# Placeholder substituted by the fully qualified domain name of the machine.
DNS.1 = @HostName@
# NOTE(review): the certificate is also valid for "localhost", presumably so
# that a client connecting through a local port forward sees a matching name
# -- confirm. A name match on "localhost" says nothing about which host is at
# the far end of the forward, so clients should trust this specific
# certificate rather than rely on the name check alone.
DNS.2 = localhost