ca.cnf 1.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566
  1. #
  2. # OpenSSL example configuration file for automated certificate creation.
  3. #
  4. # This definition stops the following lines choking if HOME or CN
  5. # is undefined.
  6. HOME = .
  7. RANDFILE = $ENV::HOME/.rnd
  8. CN = "Not Defined"
  9. default_ca = ca
  10. ####################################################################
  11. [ req ]
  12. default_bits = 2048
  13. default_keyfile = privkey.pem
  14. # Don't prompt for fields: use those in section directly
  15. prompt = no
  16. distinguished_name = req_distinguished_name
  17. x509_extensions = v3_ca # The extensions to add to the self signed cert
  18. string_mask = utf8only
  19. # req_extensions = v3_req # The extensions to add to a certificate request
  20. [ req_distinguished_name ]
  21. countryName = UK
  22. organizationName = OpenSSL Group
  23. # Take CN from environment so it can come from a script.
  24. commonName = $ENV::CN
  25. [ usr_cert ]
  26. # These extensions are added when 'ca' signs a request for an end entity
  27. # certificate
  28. basicConstraints=critical, CA:FALSE
  29. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
  30. # PKIX recommendations harmless if included in all certificates.
  31. subjectKeyIdentifier=hash
  32. authorityKeyIdentifier=keyid
  33. [ dh_cert ]
  34. # These extensions are added when 'ca' signs a request for an end entity
  35. # DH certificate
  36. basicConstraints=critical, CA:FALSE
  37. keyUsage=critical, keyAgreement
  38. # PKIX recommendations harmless if included in all certificates.
  39. subjectKeyIdentifier=hash
  40. authorityKeyIdentifier=keyid
  41. [ v3_ca ]
  42. # Extensions for a typical CA
  43. # PKIX recommendation.
  44. subjectKeyIdentifier=hash
  45. authorityKeyIdentifier=keyid:always
  46. basicConstraints = critical,CA:true
  47. keyUsage = critical, cRLSign, keyCertSign