]>
Commit | Line | Data |
---|---|---|
d02b48c6 RE |
1 | # |
2 | # SSLeay example configuration file. | |
3 | # This is mostly being used for generation of certificate requests. | |
4 | # | |
5 | ||
6 | RANDFILE = $ENV::HOME/.rnd | |
7 | ||
8 | #################################################################### | |
9 | [ ca ] | |
10 | default_ca = CA_default # The default ca section | |
11 | ||
12 | #################################################################### | |
13 | [ CA_default ] | |
14 | ||
15 | dir = ./demoCA # Where everything is kept | |
16 | certs = $dir/certs # Where the issued certs are kept | |
17 | crl_dir = $dir/crl # Where the issued crl are kept | |
18 | database = $dir/index.txt # database index file. | |
19 | new_certs_dir = $dir/newcerts # default place for new certs. | |
20 | ||
21 | certificate = $dir/cacert.pem # The CA certificate | |
22 | serial = $dir/serial # The current serial number | |
23 | crl = $dir/crl.pem # The current CRL | |
24 | private_key = $dir/private/cakey.pem# The private key | |
25 | RANDFILE = $dir/private/.rand # private random number file | |
26 | ||
27 | x509_extensions = x509v3_extensions # The extentions to add to the cert | |
28 | default_days = 365 # how long to certify for | |
29 | default_crl_days= 30 # how long before next CRL | |
30 | default_md = md5 # which md to use. | |
31 | preserve = no # keep passed DN ordering | |
32 | ||
33 | # A few difference way of specifying how similar the request should look | |
34 | # For type CA, the listed attributes must be the same, and the optional | |
35 | # and supplied fields are just that :-) | |
36 | policy = policy_match | |
37 | ||
38 | # For the CA policy | |
39 | [ policy_match ] | |
40 | countryName = match | |
41 | stateOrProvinceName = match | |
42 | organizationName = match | |
43 | organizationalUnitName = optional | |
44 | commonName = supplied | |
45 | emailAddress = optional | |
46 | ||
47 | # For the 'anything' policy | |
48 | # At this point in time, you must list all acceptable 'object' | |
49 | # types. | |
50 | [ policy_anything ] | |
51 | countryName = optional | |
52 | stateOrProvinceName = optional | |
53 | localityName = optional | |
54 | organizationName = optional | |
55 | organizationalUnitName = optional | |
56 | commonName = supplied | |
57 | emailAddress = optional | |
58 | ||
59 | #################################################################### | |
60 | [ req ] | |
61 | default_bits = 1024 | |
62 | default_keyfile = privkey.pem | |
63 | distinguished_name = req_distinguished_name | |
64 | attributes = req_attributes | |
65 | ||
66 | [ req_distinguished_name ] | |
67 | countryName = Country Name (2 letter code) | |
68 | countryName_default = AU | |
69 | countryName_min = 2 | |
70 | countryName_max = 2 | |
71 | ||
72 | stateOrProvinceName = State or Province Name (full name) | |
73 | stateOrProvinceName_default = Some-State | |
74 | ||
75 | localityName = Locality Name (eg, city) | |
76 | ||
77 | 0.organizationName = Organization Name (eg, company) | |
78 | 0.organizationName_default = Internet Widgits Pty Ltd | |
79 | ||
80 | # we can do this but it is not needed normally :-) | |
81 | #1.organizationName = Second Organization Name (eg, company) | |
82 | #1.organizationName_default = CryptSoft Pty Ltd | |
83 | ||
84 | organizationalUnitName = Organizational Unit Name (eg, section) | |
85 | #organizationalUnitName_default = | |
86 | ||
87 | commonName = Common Name (eg, YOUR name) | |
88 | commonName_max = 64 | |
89 | ||
90 | emailAddress = Email Address | |
91 | emailAddress_max = 40 | |
92 | ||
93 | [ req_attributes ] | |
94 | challengePassword = A challenge password | |
95 | challengePassword_min = 4 | |
96 | challengePassword_max = 20 | |
97 | ||
98 | unstructuredName = An optional company name | |
99 | ||
100 | [ x509v3_extensions ] | |
101 | ||
102 | nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem | |
103 | nsComment = "This is a comment" | |
104 | ||
105 | # under ASN.1, the 0 bit would be encoded as 80 | |
106 | nsCertType = 0x40 | |
107 | ||
108 | #nsBaseUrl | |
109 | #nsRevocationUrl | |
110 | #nsRenewalUrl | |
111 | #nsCaPolicyUrl | |
112 | #nsSslServerName | |
113 | #nsCertSequence | |
114 | #nsCertExt | |
115 | #nsDataType | |
116 |