--- openssl.cnf.org 2016-11-07 23:32:01.608088075 +0900
+++ openssl_xrdp.cnf 2016-11-09 19:51:07.000000000 +0900
@@ -1,6 +1,14 @@
#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
+# OpenSSL configuration file to generate xrdp host certificates.
+#
+
+# !! Edit those lines before use !!
+#
+# In section [ req_distinguished_name ]
+# stateOrProvinceName = Your Prefecture
+# localityName = Your City
+# 0.organizationName = Your Organization
+# commonName = xrdp-server Hostname
#
# This definition stops the following lines choking if HOME isn't
@@ -63,7 +71,7 @@
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
-# copy_extensions = copy
+copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
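Review bot: Enabling `copy_extensions = copy` lets the author of a request decide part of the issued certificate, because `openssl ca` then copies every request extension that the signing section does not already set. That is acceptable while this CA only signs requests generated from this same file, but the surviving "use with caution" comment no longer explains the decision. I would replace it with something like `# copy: request extensions not already set by the CA section are copied; sign only CSRs generated from this file and inspect them with -text first`.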
@@ -83,9 +91,10 @@
# For the CA policy
[ policy_match ]
countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
+stateOrProvinceName = supplied
+localityName = supplied
+organizationName = supplied
+organizationalUnitName = supplied
commonName = supplied
emailAddress = optional
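Review bot: `policy_match` now enforces a match on countryName only, since stateOrProvinceName and organizationName went from `match` to `supplied`, so the CA will sign a request naming any organization. The next hunk makes `policy_anything` require every DN field except emailAddress, which means the two policies differ only in countryName and the name "anything" no longer describes it. A comment above each section would make the intent clear, for example `# xrdp: all DN fields except emailAddress are required; only countryName must equal the CA's`.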
@@ -93,11 +102,11 @@
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
+countryName = supplied
+stateOrProvinceName = supplied
+localityName = supplied
+organizationName = supplied
+organizationalUnitName = supplied
commonName = supplied
emailAddress = optional
@@ -107,8 +116,10 @@
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
-attributes = req_attributes
+# attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
+encrypt_key = no
+prompt = no
# Passwords for private keys if not present they will be prompted for
# input_password = secret
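Review bot: `encrypt_key = no` writes the private key (default `privkey.pem`) to disk unencrypted, and `prompt = no` removes the interactive step where an operator might notice. An unattended service key needs this, but nothing in the file says how the key file should be protected. I would add above the line `# key is written unencrypted so the service can load it unattended; generate it under umask 077 and keep it readable only by the xrdp service account`. The section header for these lines is outside the hunk.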
@@ -123,35 +134,15 @@
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
-# req_extensions = v3_req # The extensions to add to a certificate request
+req_extensions = v3_req
[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = XX
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-#stateOrProvinceName_default = Default Province
-
-localityName = Locality Name (eg, city)
-localityName_default = Default City
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Default Company Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s hostname)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
+countryName = JP
+stateOrProvinceName = Aichi
+localityName = Nagoya
+0.organizationName = Hoge Net
+organizationalUnitName = Information Tech
+commonName = centos7u
# SET-ex3 = SET extension number 3
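Review bot: The hard-coded `countryName = JP` and `organizationalUnitName = Information Tech` are missing from the "Edit those lines before use" list added in the first hunk, so a user who follows that list issues certificates carrying the author's country and OU. `commonName = centos7u` is a short host name, and the `v3_req` lines visible in this diff add no subjectAltName, so clients that check the certificate name would accept it only when connecting with exactly that name. I would extend the header list with `# countryName = Your Country (2 letter code)` and `# organizationalUnitName = Your Unit`, and say next to commonName that it must equal the name clients connect to.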
@@ -187,7 +178,7 @@
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
@@ -221,7 +212,8 @@
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
[ v3_ca ]
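Review bot: The request extensions grant more than a host certificate needs, because `extendedKeyUsage` includes `clientAuth` and `keyUsage` keeps `nonRepudiation` and adds `dataEncipherment`. If the certificate is only ever presented by the xrdp server, the narrower set would be `extendedKeyUsage = serverAuth` with `keyUsage = digitalSignature, keyEncipherment`. If `clientAuth` or `dataEncipherment` is intentional, a one-line comment saying which client or feature requires it would help the next maintainer. The header of the section these lines belong to is outside the hunk.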
@@ -244,7 +236,7 @@
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
-# keyUsage = cRLSign, keyCertSign
+keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
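Review bot: Uncommenting `keyUsage = cRLSign, keyCertSign` creates the problem the comment directly above it warns about, because the req hunk still has `x509_extensions = v3_ca`. A certificate self-signed from this file with `req -x509` would therefore be limited to certificate and CRL signing. If the xrdp host certificate is produced that way, clients that enforce key usage may reject it, though the diff does not show how the file is invoked. Either point `x509_extensions` at a host-certificate section for the self-signed case, or replace the stale comment with `# enabled: v3_ca is used only for the signing CA, never for the xrdp host certificate`. The rest of `[ v3_ca ]` is outside the hunk.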