Головна сторінка Огляд Довідка
Увійти
OWEALs
/
openssl
дзеркало git://git.openssl.org/openssl.git
2
0
Відгалуження 0
Файли Проблеми 1 Wiki
Дерево: 3b107b86ca
Гілки Теги
openssl
/
test
/
ca-and-certs.cnf

ca-and-certs.cnf 2.2 KB
Історія Запис

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. 

  2. # Comment out the next line to ignore configuration errors
    3. 

  3. config_diagnostics = 1
    4. 

  4. 

  5. CN2 = Brother 2
    6. 

  6. 

  7. ####################################################################
    8. 

  8. [ req ]
    9. 

  9. distinguished_name	= req_distinguished_name
    10. 

  10. encrypt_rsa_key		= no
    11. 

  11. default_md		= sha1
    12. 

  12. 

  13. [ req_distinguished_name ]
    14. 

  14. countryName			= Country Name (2 letter code)
    15. 

  15. countryName_value		= AU
    16. 

  16. organizationName		= Organization Name (eg, company)
    17. 

  17. organizationName_value		= Dodgy Brothers
    18. 

  18. commonName			= Common Name (eg, YOUR name)
    19. 

  19. commonName_value		= Dodgy CA
    20. 

  20. 

  21. ####################################################################
    22. 

  22. [ userreq ]
    23. 

  23. distinguished_name	= user_dn
    24. 

  24. encrypt_rsa_key		= no
    25. 

  25. default_md		= sha256
    26. 

  26. prompt			= no
    27. 

  27. 

  28. [ user_dn ]
    29. 

  29. countryName		= AU
    30. 

  30. organizationName	= Dodgy Brothers
    31. 

  31. 0.commonName		= Brother 1
    32. 

  32. 1.commonName		= $ENV::CN2
    33. 

  33. 

  34. [ empty ]
    35. 

  35. 

  36. [ v3_ee ]
    37. 

  37. subjectKeyIdentifier	= hash
    38. 

  38. authorityKeyIdentifier	= keyid,issuer:always
    39. 

  39. basicConstraints 	= CA:false
    40. 

  40. keyUsage		= nonRepudiation, digitalSignature, keyEncipherment
    41. 

  41. 

  42. [ v3_ee_dsa ]
    43. 

  43. subjectKeyIdentifier	= hash
    44. 

  44. authorityKeyIdentifier	= keyid:always
    45. 

  45. basicConstraints	= CA:false
    46. 

  46. keyUsage		= nonRepudiation, digitalSignature
    47. 

  47. 

  48. [ v3_ee_ec ]
    49. 

  49. subjectKeyIdentifier	= hash
    50. 

  50. authorityKeyIdentifier	= keyid:always
    51. 

  51. basicConstraints	= CA:false
    52. 

  52. keyUsage		= nonRepudiation, digitalSignature, keyAgreement
    53. 

  53. 

  54. ####################################################################
    55. 

  55. [ ca ]
    56. 

  56. default_ca	= CA_default
    57. 

  57. 

  58. [ CA_default ]
    59. 

  59. dir		= ./demoCA
    60. 

  60. certs		= $dir/certs
    61. 

  61. crl_dir		= $dir/crl
    62. 

  62. database	= $dir/index.txt
    63. 

  63. new_certs_dir	= $dir/newcerts
    64. 

  64. certificate	= $dir/cacert.pem
    65. 

  65. serial		= $dir/serial
    66. 

  66. crl		= $dir/crl.pem
    67. 

  67. private_key	= $dir/private/cakey.pem
    68. 

  68. x509_extensions	= v3_ca
    69. 

  69. name_opt 	= ca_default
    70. 

  70. cert_opt 	= ca_default
    71. 

  71. default_days	= 365
    72. 

  72. default_crl_days= 30
    73. 

  73. default_md	= sha1
    74. 

  74. preserve	= no
    75. 

  75. policy		= policy_anything
    76. 

  76. 

  77. [ policy_anything ]
    78. 

  78. countryName		= optional
    79. 

  79. stateOrProvinceName	= optional
    80. 

  80. localityName		= optional
    81. 

  81. organizationName	= optional
    82. 

  82. organizationalUnitName	= optional
    83. 

  83. commonName		= supplied
    84. 

  84. emailAddress		= optional
    85. 

  85. 

  86. [ v3_ca ]
    87. 

  87. subjectKeyIdentifier	= hash
    88. 

  88. authorityKeyIdentifier	= keyid:always,issuer:always
    89. 

  89. basicConstraints 	= critical,CA:true,pathlen:1
    90. 

  90. keyUsage		= cRLSign, keyCertSign
    91. 

  91. issuerAltName		= issuer:copy
    92.