13 database = $dir/certs/index.txt
14 new_certs_dir = $dir/certs
15 certificate = $dir/ca/cacert.pem
16 serial = $dir/certs/serial
17 crl = $dir/crls/cacrl.pem
18 private_key = $dir/private/cakey.pem
19 x509_extensions = usr_cert
26 copy_extensions = copyall
29 countryName = optional
30 stateOrProvinceName = optional
31 organizationName = optional
32 organizationalUnitName = optional
34 emailAddress = optional
38 default_keyfile = privkey.pem
39 distinguished_name = req_distinguished_name
40 attributes = req_attributes
41 x509_extensions = v3_ca
44 [ req_distinguished_name ]
45 countryName = Country Name (2 letter code)
46 countryName_default = DE
50 stateOrProvinceName = State or Province Name (full name)
51 stateOrProvinceName_default =
53 localityName = Locality Name (eg, city)
54 #localityName_default =
56 0.organizationName = Organization Name (eg, company)
57 0.organizationName_default = IPFire
59 organizationalUnitName = Organizational Unit Name (eg, section)
60 #organizationalUnitName_default =
62 commonName = Common Name (eg, your name or your server\'s hostname)
65 emailAddress = Email Address
69 challengePassword = A challenge password
70 challengePassword_min = 4
71 challengePassword_max = 20
72 unstructuredName = An optional company name
75 basicConstraints=CA:FALSE
76 nsComment = "OpenSSL Generated Certificate"
77 subjectKeyIdentifier=hash
78 authorityKeyIdentifier=keyid,issuer:always
81 basicConstraints = CA:FALSE
82 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
85 subjectKeyIdentifier=hash
86 authorityKeyIdentifier=keyid:always,issuer:always
87 basicConstraints = CA:true
90 authorityKeyIdentifier=keyid:always,issuer:always