13 database = $dir/certs/index.txt
14 new_certs_dir = $dir/certs
15 certificate = $dir/ca/cacert.pem
16 serial = $dir/certs/serial
17 crl = $dir/crls/cacrl.pem
18 private_key = $dir/private/cakey.pem
19 x509_extensions = usr_cert
28 countryName = optional
29 stateOrProvinceName = optional
30 organizationName = optional
31 organizationalUnitName = optional
33 emailAddress = optional
37 default_keyfile = privkey.pem
38 distinguished_name = req_distinguished_name
39 attributes = req_attributes
40 x509_extensions = v3_ca
43 [ req_distinguished_name ]
44 countryName = Country Name (2 letter code)
45 countryName_default = DE
49 stateOrProvinceName = State or Province Name (full name)
50 stateOrProvinceName_default =
52 localityName = Locality Name (eg, city)
53 #localityName_default =
55 0.organizationName = Organization Name (eg, company)
56 0.organizationName_default = IPFire
58 organizationalUnitName = Organizational Unit Name (eg, section)
59 #organizationalUnitName_default =
61 commonName = Common Name (eg, your name or your server\'s hostname)
64 emailAddress = Email Address
68 challengePassword = A challenge password
69 challengePassword_min = 4
70 challengePassword_max = 20
71 unstructuredName = An optional company name
74 basicConstraints=CA:FALSE
75 nsComment = "OpenSSL Generated Certificate"
76 subjectKeyIdentifier=hash
77 authorityKeyIdentifier=keyid,issuer:always
80 basicConstraints = CA:FALSE
81 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
84 subjectKeyIdentifier=hash
85 authorityKeyIdentifier=keyid:always,issuer:always
86 basicConstraints = CA:true
89 authorityKeyIdentifier=keyid:always,issuer:always