]>
Commit | Line | Data |
---|---|---|
4e6e57cf RS |
1 | |
2 | CN2 = Brother 2 | |
3 | ||
4 | #################################################################### | |
5 | [ req ] | |
6 | default_bits = 2048 | |
7 | default_keyfile = keySS.pem | |
8 | distinguished_name = req_distinguished_name | |
9 | encrypt_rsa_key = no | |
10 | default_md = sha1 | |
11 | ||
12 | [ req_distinguished_name ] | |
13 | countryName = Country Name (2 letter code) | |
14 | countryName_value = AU | |
15 | organizationName = Organization Name (eg, company) | |
16 | organizationName_value = Dodgy Brothers | |
17 | commonName = Common Name (eg, YOUR name) | |
18 | commonName_value = Dodgy CA | |
19 | ||
20 | #################################################################### | |
21 | [ userreq ] | |
22 | default_bits = 2048 | |
23 | default_keyfile = keySS.pem | |
24 | distinguished_name = user_dn | |
25 | encrypt_rsa_key = no | |
26 | default_md = sha256 | |
27 | prompt = no | |
28 | ||
29 | [ user_dn ] | |
30 | countryName = AU | |
31 | organizationName = Dodgy Brothers | |
32 | 0.commonName = Brother 1 | |
33 | 1.commonName = $ENV::CN2 | |
34 | ||
35 | [ v3_ee ] | |
36 | subjectKeyIdentifier = hash | |
37 | authorityKeyIdentifier = keyid,issuer:always | |
38 | basicConstraints = CA:false | |
39 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
40 | ||
41 | [ v3_ee_dsa ] | |
42 | subjectKeyIdentifier = hash | |
43 | authorityKeyIdentifier = keyid:always | |
44 | basicConstraints = CA:false | |
45 | keyUsage = nonRepudiation, digitalSignature | |
46 | ||
47 | [ v3_ee_ec ] | |
48 | subjectKeyIdentifier = hash | |
49 | authorityKeyIdentifier = keyid:always | |
50 | basicConstraints = CA:false | |
51 | keyUsage = nonRepudiation, digitalSignature, keyAgreement | |
52 | ||
53 | #################################################################### | |
54 | [ ca ] | |
55 | default_ca = CA_default | |
56 | ||
57 | [ CA_default ] | |
58 | dir = ./demoCA | |
59 | certs = $dir/certs | |
60 | crl_dir = $dir/crl | |
61 | database = $dir/index.txt | |
62 | new_certs_dir = $dir/newcerts | |
63 | certificate = $dir/cacert.pem | |
64 | serial = $dir/serial | |
65 | crl = $dir/crl.pem | |
66 | private_key = $dir/private/cakey.pem | |
67 | x509_extensions = v3_ca | |
68 | name_opt = ca_default | |
69 | cert_opt = ca_default | |
70 | default_days = 365 | |
71 | default_crl_days= 30 | |
72 | default_md = sha1 | |
73 | preserve = no | |
74 | policy = policy_anything | |
75 | ||
76 | [ policy_anything ] | |
77 | countryName = optional | |
78 | stateOrProvinceName = optional | |
79 | localityName = optional | |
80 | organizationName = optional | |
81 | organizationalUnitName = optional | |
82 | commonName = supplied | |
83 | emailAddress = optional | |
84 | ||
85 | [ v3_ca ] | |
86 | subjectKeyIdentifier = hash | |
87 | authorityKeyIdentifier = keyid:always,issuer:always | |
88 | basicConstraints = critical,CA:true,pathlen:1 | |
89 | keyUsage = cRLSign, keyCertSign | |
90 | issuerAltName = issuer:copy |