2 # Comment out the next line to ignore configuration errors
7 ####################################################################
9 distinguished_name = req_distinguished_name
13 [ req_distinguished_name ]
14 countryName = Country Name (2 letter code)
15 countryName_value = AU
16 organizationName = Organization Name (eg, company)
17 organizationName_value = Dodgy Brothers
18 commonName = Common Name (eg, YOUR name)
19 commonName_value = Dodgy CA
21 ####################################################################
23 distinguished_name = user_dn
30 organizationName = Dodgy Brothers
31 0.commonName = Brother 1
32 1.commonName = $ENV::CN2
37 subjectKeyIdentifier = hash
38 authorityKeyIdentifier = keyid,issuer:always
39 basicConstraints = CA:false
40 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
43 subjectKeyIdentifier = hash
44 authorityKeyIdentifier = keyid:always
45 basicConstraints = CA:false
46 keyUsage = nonRepudiation, digitalSignature
49 subjectKeyIdentifier = hash
50 authorityKeyIdentifier = keyid:always
51 basicConstraints = CA:false
52 keyUsage = nonRepudiation, digitalSignature, keyAgreement
54 ####################################################################
56 default_ca = CA_default
62 database = $dir/index.txt
63 new_certs_dir = $dir/newcerts
64 certificate = $dir/cacert.pem
67 private_key = $dir/private/cakey.pem
68 x509_extensions = v3_ca
75 policy = policy_anything
78 countryName = optional
79 stateOrProvinceName = optional
80 localityName = optional
81 organizationName = optional
82 organizationalUnitName = optional
84 emailAddress = optional
87 subjectKeyIdentifier = hash
88 authorityKeyIdentifier = keyid:always,issuer:always
89 basicConstraints = critical,CA:true,pathlen:1
90 keyUsage = cRLSign, keyCertSign
91 issuerAltName = issuer:copy