ca-and-certs.cnf 2.2 KB

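  # Default (unnamed) section: everything before the first [ section ] header.
  # The listing's line-number gutter has been dropped so the text parses as an
  # OpenSSL configuration file again.

  # Comment out the next line to ignore configuration errors
  config_diagnostics = 1

  # Fallback for the $ENV::CN2 expansion in [ user_dn ]. OpenSSL uses this value
  # when the CN2 environment variable is not set, so it has to stay above the
  # line that expands it. NOTE(review): when CN2 is set, the environment of the
  # process chooses a subject name in the request; run the tooling with a
  # controlled environment.
  CN2 = Brother 2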
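  ####################################################################
  # Settings for "openssl req" when no other section is selected.
  # NOTE(review): the subject below names "Dodgy CA", so this is presumably the
  # request for the CA's own certificate; confirm against the calling script.
  [ req ]
  distinguished_name = req_distinguished_name
  # Generated private keys are written without a passphrase. Acceptable for
  # throwaway demo keys only; any key that matters needs file permissions or
  # encryption protecting it.
  encrypt_rsa_key = no
  # Signature digest. Was sha1, which is no longer collision resistant and is
  # rejected for certificate signatures by current verifiers; sha256 matches
  # what [ userreq ] already uses.
  default_md = sha256

  # Subject fields. Each field has its prompt text plus a <field>_value entry
  # that supplies the answer.
  [ req_distinguished_name ]
  countryName = Country Name (2 letter code)
  countryName_value = AU
  organizationName = Organization Name (eg, company)
  organizationName_value = Dodgy Brothers
  commonName = Common Name (eg, YOUR name)
  commonName_value = Dodgy CA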
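  ####################################################################
  # Request settings for user (end-entity) certificate requests.
  [ userreq ]
  distinguished_name = user_dn
  # Private keys are written without a passphrase; protect the key files by
  # other means if they are ever used outside a demo.
  encrypt_rsa_key = no
  default_md = sha256
  # No interactive prompting: the subject is taken verbatim from [ user_dn ].
  prompt = no

  # Subject of the user request. The numeric prefixes let commonName appear
  # twice, so the subject carries two CN values.
  [ user_dn ]
  countryName = AU
  organizationName = Dodgy Brothers
  0.commonName = Brother 1
  # Expands the CN2 environment variable, falling back to the CN2 value in the
  # default section. NOTE(review): this makes part of the subject depend on the
  # caller's environment.
  1.commonName = $ENV::CN2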
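  # Extension sets for end-entity certificates. All three set CA:false and
  # differ only in keyUsage and in how the authority key identifier is built.
  # NOTE(review): the section names suggest one set per key type (default,
  # DSA, EC); confirm against the script that selects them.
  # NOTE(review): neither basicConstraints nor keyUsage is marked critical
  # here, so a verifier that does not understand them may ignore them.

  [ v3_ee ]
  subjectKeyIdentifier = hash
  # Key id when the issuer has one, issuer name and serial always.
  authorityKeyIdentifier = keyid,issuer:always
  basicConstraints = CA:false
  # One key is allowed to both sign and encrypt; separate keys per purpose
  # are the safer design outside a demo.
  keyUsage = nonRepudiation, digitalSignature, keyEncipherment

  [ v3_ee_dsa ]
  subjectKeyIdentifier = hash
  # Issuance fails if the issuer certificate has no subject key identifier.
  authorityKeyIdentifier = keyid:always
  basicConstraints = CA:false
  # Signature-only usage.
  keyUsage = nonRepudiation, digitalSignature

  [ v3_ee_ec ]
  subjectKeyIdentifier = hash
  authorityKeyIdentifier = keyid:always
  basicConstraints = CA:false
  # Signing plus key agreement.
  keyUsage = nonRepudiation, digitalSignature, keyAgreement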
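  ####################################################################
  # Settings for "openssl ca".
  [ ca ]
  default_ca = CA_default

  [ CA_default ]
  # All CA state lives under this directory. The path is relative, so it is
  # resolved against the working directory of the openssl process.
  dir = ./demoCA
  certs = $dir/certs
  crl_dir = $dir/crl
  # Text database of issued certificates.
  database = $dir/index.txt
  new_certs_dir = $dir/newcerts
  certificate = $dir/cacert.pem
  # Next serial number to use.
  serial = $dir/serial
  crl = $dir/crl.pem
  # CA signing key. Restrict access to this file and its directory: whoever
  # can read it can issue certificates under this CA.
  private_key = $dir/private/cakey.pem
  # NOTE(review): the default extension set is v3_ca, which sets CA:true. Any
  # certificate issued without selecting another extension section therefore
  # becomes a CA certificate; end-entity issuance has to name one of the
  # v3_ee* sections explicitly.
  x509_extensions = v3_ca
  name_opt = ca_default
  cert_opt = ca_default
  # Validity of issued certificates, in days.
  default_days = 365
  # Days until the next CRL is due.
  default_crl_days = 30
  # Signature digest for issued certificates and CRLs. Was sha1, which is no
  # longer collision resistant and is rejected for certificate signatures by
  # current verifiers; sha256 matches what [ userreq ] already uses.
  default_md = sha256
  # Subject fields are ordered as in the policy section, not as in the request.
  preserve = no
  policy = policy_anything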
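  # Subject policy applied by the CA to incoming requests. Only commonName is
  # required; nothing has to match the CA's own subject.
  # NOTE(review): with this policy the CA signs a request for any country or
  # organization, so the subject of every request has to be checked before
  # signing. Use "match" on the fields that must equal the CA's values if the
  # CA is meant to serve a single organization.
  [ policy_anything ]
  countryName = optional
  stateOrProvinceName = optional
  localityName = optional
  organizationName = optional
  organizationalUnitName = optional
  commonName = supplied
  emailAddress = optional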
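  # Extensions for CA certificates.
  [ v3_ca ]
  subjectKeyIdentifier = hash
  authorityKeyIdentifier = keyid:always,issuer:always
  # Critical CA flag. pathlen:1 permits at most one further CA certificate
  # below this one in a chain.
  basicConstraints = critical,CA:true,pathlen:1
  # Limited to signing certificates and CRLs.
  # NOTE(review): not marked critical; RFC 5280 recommends that CAs mark
  # keyUsage critical when it is present.
  keyUsage = cRLSign, keyCertSign
  # Copies the subject alternative names of the issuer certificate.
  # NOTE(review): nothing visible in this file sets a subjectAltName on the
  # issuer, so confirm this extension is populated as intended.
  issuerAltName = issuer:copy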