]>
Commit | Line | Data |
---|---|---|
1 | ||
2 | #################################################################### | |
3 | [ req ] | |
4 | default_bits = 2048 | |
5 | default_keyfile = keySS.pem | |
6 | distinguished_name = req_distinguished_name | |
7 | encrypt_rsa_key = no | |
8 | default_md = sha1 | |
9 | ||
10 | [ req_distinguished_name ] | |
11 | countryName = Country Name (2 letter code) | |
12 | countryName_default = AU | |
13 | countryName_value = AU | |
14 | ||
15 | organizationName = Organization Name (eg, company) | |
16 | organizationName_value = Dodgy Brothers | |
17 | ||
18 | commonName = Common Name (eg, YOUR name) | |
19 | commonName_value = Dodgy CA | |
20 | ||
21 | #################################################################### | |
22 | [ ca ] | |
23 | default_ca = CA_default # The default ca section | |
24 | ||
25 | #################################################################### | |
26 | [ CA_default ] | |
27 | ||
28 | dir = ./demoCA # Where everything is kept | |
29 | certs = $dir/certs # Where the issued certs are kept | |
30 | crl_dir = $dir/crl # Where the issued crl are kept | |
31 | database = $dir/index.txt # database index file. | |
32 | #unique_subject = no # Set to 'no' to allow creation of | |
33 | # several certificates with same subject. | |
34 | new_certs_dir = $dir/newcerts # default place for new certs. | |
35 | ||
36 | certificate = $dir/cacert.pem # The CA certificate | |
37 | serial = $dir/serial # The current serial number | |
38 | crl = $dir/crl.pem # The current CRL | |
39 | private_key = $dir/private/cakey.pem# The private key | |
40 | ||
41 | x509_extensions = v3_ca # The extensions to add to the cert | |
42 | ||
43 | name_opt = ca_default # Subject Name options | |
44 | cert_opt = ca_default # Certificate field options | |
45 | ||
46 | default_days = 365 # how long to certify for | |
47 | default_crl_days= 30 # how long before next CRL | |
48 | default_md = md5 # which md to use. | |
49 | preserve = no # keep passed DN ordering | |
50 | ||
51 | policy = policy_anything | |
52 | ||
53 | [ policy_anything ] | |
54 | countryName = optional | |
55 | stateOrProvinceName = optional | |
56 | localityName = optional | |
57 | organizationName = optional | |
58 | organizationalUnitName = optional | |
59 | commonName = supplied | |
60 | emailAddress = optional | |
61 | ||
62 | ||
63 | ||
64 | [ v3_ca ] | |
65 | subjectKeyIdentifier=hash | |
66 | authorityKeyIdentifier=keyid:always,issuer:always | |
67 | basicConstraints = critical,CA:true,pathlen:1 | |
68 | keyUsage = cRLSign, keyCertSign | |
69 | issuerAltName=issuer:copy |