test/ca-and-certs.cnf

   1
   2 # Comment out the next line to ignore configuration errors
   3 config_diagnostics = 1
   4
   5 CN2 = Brother 2
   6
   7 ####################################################################
   8 [ req ]
   9 distinguished_name      = req_distinguished_name
  10 encrypt_rsa_key         = no
  11 default_md              = sha1
  12
  13 [ req_distinguished_name ]
  14 countryName                     = Country Name (2 letter code)
  15 countryName_value               = AU
  16 organizationName                = Organization Name (eg, company)
  17 organizationName_value          = Dodgy Brothers
  18 commonName                      = Common Name (eg, YOUR name)
  19 commonName_value                = Dodgy CA
  20
  21 ####################################################################
  22 [ userreq ]
  23 distinguished_name      = user_dn
  24 encrypt_rsa_key         = no
  25 default_md              = sha256
  26 prompt                  = no
  27
  28 [ user_dn ]
  29 countryName             = AU
  30 organizationName        = Dodgy Brothers
  31 0.commonName            = Brother 1
  32 1.commonName            = $ENV::CN2
  33
  34 [ empty ]
  35
  36 [ v3_ee ]
  37 subjectKeyIdentifier    = hash
  38 authorityKeyIdentifier  = keyid,issuer:always
  39 basicConstraints        = CA:false
  40 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
  41
  42 [ v3_ee_dsa ]
  43 subjectKeyIdentifier    = hash
  44 authorityKeyIdentifier  = keyid:always
  45 basicConstraints        = CA:false
  46 keyUsage                = nonRepudiation, digitalSignature
  47
  48 [ v3_ee_ec ]
  49 subjectKeyIdentifier    = hash
  50 authorityKeyIdentifier  = keyid:always
  51 basicConstraints        = CA:false
  52 keyUsage                = nonRepudiation, digitalSignature, keyAgreement
  53
  54 ####################################################################
  55 [ ca ]
  56 default_ca      = CA_default
  57
  58 [ CA_default ]
  59 dir             = ./demoCA
  60 certs           = $dir/certs
  61 crl_dir         = $dir/crl
  62 database        = $dir/index.txt
  63 new_certs_dir   = $dir/newcerts
  64 certificate     = $dir/cacert.pem
  65 serial          = $dir/serial
  66 crl             = $dir/crl.pem
  67 private_key     = $dir/private/cakey.pem
  68 x509_extensions = v3_ca
  69 name_opt        = ca_default
  70 cert_opt        = ca_default
  71 default_days    = 365
  72 default_crl_days= 30
  73 default_md      = sha1
  74 preserve        = no
  75 policy          = policy_anything
  76
  77 [ policy_anything ]
  78 countryName             = optional
  79 stateOrProvinceName     = optional
  80 localityName            = optional
  81 organizationName        = optional
  82 organizationalUnitName  = optional
  83 commonName              = supplied
  84 emailAddress            = optional
  85
  86 [ v3_ca ]
  87 subjectKeyIdentifier    = hash
  88 authorityKeyIdentifier  = keyid:always,issuer:always
  89 basicConstraints        = critical,CA:true,pathlen:1
  90 keyUsage                = cRLSign, keyCertSign
  91 issuerAltName           = issuer:copy