Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 211da00b79
Branches Tags
openssl
/
demos
/
certs
/
ca.cnf

ca.cnf 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. #
    2. 

  2. # OpenSSL example configuration file for automated certificate creation.
    3. 

  3. #
    4. 

  4. 

  5. # This definition stops the following lines choking if HOME or CN
    6. 

  6. # is undefined.
    7. 

  7. HOME			= .
    8. 

  8. RANDFILE		= $ENV::HOME/.rnd
    9. 

  9. CN			= "Not Defined"
    10. 

  10. default_ca		= ca
    11. 

  11. 

  12. ####################################################################
    13. 

  13. [ req ]
    14. 

  14. default_bits		= 1024
    15. 

  15. default_keyfile 	= privkey.pem
    16. 

  16. # Don't prompt for fields: use those in section directly
    17. 

  17. prompt			= no
    18. 

  18. distinguished_name	= req_distinguished_name
    19. 

  19. x509_extensions	= v3_ca	# The extensions to add to the self signed cert
    20. 

  20. string_mask = utf8only
    21. 

  21. 

  22. # req_extensions = v3_req # The extensions to add to a certificate request
    23. 

  23. 

  24. [ req_distinguished_name ]
    25. 

  25. countryName			= UK
    26. 

  26. 

  27. organizationName		= OpenSSL Group
    28. 

  28. # Take CN from environment so it can come from a script.
    29. 

  29. commonName			= $ENV::CN
    30. 

  30. 

  31. [ usr_cert ]
    32. 

  32. 

  33. # These extensions are added when 'ca' signs a request for an end entity
    34. 

  34. # certificate
    35. 

  35. 

  36. basicConstraints=critical, CA:FALSE
    37. 

  37. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
    38. 

  38. 

  39. # This will be displayed in Netscape's comment listbox.
    40. 

  40. nsComment			= "OpenSSL Generated Certificate"
    41. 

  41. 

  42. # PKIX recommendations harmless if included in all certificates.
    43. 

  43. subjectKeyIdentifier=hash
    44. 

  44. authorityKeyIdentifier=keyid
    45. 

  45. # OCSP responder certificate
    46. 

  46. [ ocsp_cert ]
    47. 

  47. 

  48. basicConstraints=critical, CA:FALSE
    49. 

  49. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
    50. 

  50. 

  51. # This will be displayed in Netscape's comment listbox.
    52. 

  52. nsComment			= "OpenSSL Generated Certificate"
    53. 

  53. 

  54. # PKIX recommendations harmless if included in all certificates.
    55. 

  55. subjectKeyIdentifier=hash
    56. 

  56. authorityKeyIdentifier=keyid
    57. 

  57. extendedKeyUsage=OCSPSigning
    58. 

  58. 

  59. [ dh_cert ]
    60. 

  60. 

  61. # These extensions are added when 'ca' signs a request for an end entity
    62. 

  62. # DH certificate
    63. 

  63. 

  64. basicConstraints=critical, CA:FALSE
    65. 

  65. keyUsage=critical, keyAgreement
    66. 

  66. 

  67. # PKIX recommendations harmless if included in all certificates.
    68. 

  68. subjectKeyIdentifier=hash
    69. 

  69. authorityKeyIdentifier=keyid
    70. 

  70. 

  71. [ v3_ca ]
    72. 

  72. 

  73. 

  74. # Extensions for a typical CA
    75. 

  75. 

  76. # PKIX recommendation.
    77. 

  77. 

  78. subjectKeyIdentifier=hash
    79. 

  79. authorityKeyIdentifier=keyid:always
    80. 

  80. basicConstraints = critical,CA:true
    81. 

  81. keyUsage = critical, cRLSign, keyCertSign
    82. 

  82. 

  83. # Minimal CA entry to allow generation of CRLs.
    84. 

  84. [ca]
    85. 

  85. database=index.txt
    86. 

  86. crlnumber=crlnum.txt
    87.