2
0

ca.cnf 1.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556
  1. ####################################################################
  2. [ req ]
  3. default_bits = 2432
  4. default_keyfile = cakey.pem
  5. default_md = sha256
  6. distinguished_name = req_DN
  7. string_mask = utf8only
  8. x509_extensions = v3_selfsign
  9. [ req_DN ]
  10. commonName = "Common Name"
  11. commonName_value = "CA"
  12. [ v3_selfsign ]
  13. basicConstraints = critical,CA:true
  14. keyUsage = keyCertSign
  15. subjectKeyIdentifier=hash
  16. ####################################################################
  17. [ ca ]
  18. default_ca = CA_default # The default ca section
  19. ####################################################################
  20. [ CA_default ]
  21. dir = ./demoCA
  22. certificate = ./demoCA/cacert.pem
  23. serial = ./demoCA/serial
  24. private_key = ./demoCA/private/cakey.pem
  25. new_certs_dir = ./demoCA/newcerts
  26. certificate = cacert.pem
  27. private_key = cakey.pem
  28. x509_extensions = v3_user
  29. name_opt = ca_default # Subject Name options
  30. cert_opt = ca_default # Certificate field options
  31. policy = policy_anything
  32. [ policy_anything ]
  33. countryName = optional
  34. stateOrProvinceName = optional
  35. localityName = optional
  36. organizationName = optional
  37. organizationalUnitName = optional
  38. commonName = supplied
  39. emailAddress = optional
  40. [ v3_user ]
  41. basicConstraints=critical,CA:FALSE
  42. subjectKeyIdentifier=hash
  43. authorityKeyIdentifier=keyid,issuer
  44. issuerAltName=issuer:copy