local/net-snmp-cert.conf - vendor/opensource/netsnmp - Git at Google

 #
 # Net-SNMP Certificate Generation and Management Tool Configuration
 #

 # default mode to non-interactive
 # interactive = false

 # location of 'tls' directory relative to configuration dir
 # tlsDir = ./tls

 # encryptCA = false - XXX not-implemented
 # encryptCrt = false - XXX not-implemented

 # default valid lifetime duration for CA certificates
 # caDays = 1825

 # default valid lifetime duration for certificates
 # crtDays = 365

 # default key types generated
 # keyType = rsa

 # default key size generated
 # keySize = 2048

 # default type of message digest used
 # msgDigest = sha1

 # to set individual defaults, a specific identity may be indicated
 # on the net-snmp-cert command line: '--identity <id>' or '-i <id>'
 # values defined at the global/file level will be used unless
 # overriden by values supplied in the specified identity.

 identity = {
    id = nocadm
    host = net-snmp.org
    cn = Client-identity
    email = admin@net-snmp.org
    org = Net-SNMP Developers
    orgUnit = SNMP-DTLS
    country = US
    state = MA
    locality = Boston

    # 10 years
    caDays = 3654
    # 2 years
    crtDays = 730

    subjectAltName = email:client@net-snmp.org
    subjectAltName = URI:http://net-snmp.org
 };

 identity = {
    id = CA-identity
    host = net-snmp.org
    cn = CA-identity
    email = ca-admin@net-snmp.org
    org = Net-SNMP Developers
    orgUnit = SNMP-DTLS
    country = US
    state = MA
    locality = Boston

    # 10 years
    caDays = 1000
    # 2 years
    crtDays = 500

    subjectAltName = DNS:test.net-snmp.org
 };
	#
	# Net-SNMP Certificate Generation and Management Tool Configuration
	#

	# default mode to non-interactive
	# interactive = false

	# location of 'tls' directory relative to configuration dir
	# tlsDir = ./tls

	# encryptCA = false - XXX not-implemented
	# encryptCrt = false - XXX not-implemented

	# default valid lifetime duration for CA certificates
	# caDays = 1825

	# default valid lifetime duration for certificates
	# crtDays = 365

	# default key types generated
	# keyType = rsa

	# default key size generated
	# keySize = 2048

	# default type of message digest used
	# msgDigest = sha1

	# to set individual defaults, a specific identity may be indicated
	# on the net-snmp-cert command line: '--identity <id>' or '-i <id>'
	# values defined at the global/file level will be used unless
	# overriden by values supplied in the specified identity.

	identity = {
	id = nocadm
	host = net-snmp.org
	cn = Client-identity
	email = admin@net-snmp.org
	org = Net-SNMP Developers
	orgUnit = SNMP-DTLS
	country = US
	state = MA
	locality = Boston

	# 10 years
	caDays = 3654
	# 2 years
	crtDays = 730

	subjectAltName = email:client@net-snmp.org
	subjectAltName = URI:http://net-snmp.org
	};

	identity = {
	id = CA-identity
	host = net-snmp.org
	cn = CA-identity
	email = ca-admin@net-snmp.org
	org = Net-SNMP Developers
	orgUnit = SNMP-DTLS
	country = US
	state = MA
	locality = Boston

	# 10 years
	caDays = 1000
	# 2 years
	crtDays = 500

	subjectAltName = DNS:test.net-snmp.org
	};