首页 发现 帮助
登录
OWEALs
/
openssl
镜像自地址 git://git.openssl.org/openssl.git
2
0
派生 0
文件 工单管理 1 Wiki
目录树: 3ea20ce281
分支列表 标签列表
openssl
/
test
/
smime-certs
/
ca.cnf

ca.cnf 2.1 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. #
    2. 

  2. # OpenSSL example configuration file for automated certificate creation.
    3. 

  3. #
    4. 

  4. 

  5. # Comment out the next line to ignore configuration errors
    6. 

  6. config_diagnostics = 1
    7. 

  7. 

  8. # This definition stops the following lines choking if HOME or CN
    9. 

  9. # is undefined.
    10. 

  10. HOME			= .
    11. 

  11. CN			= "Not Defined"
    12. 

  12. default_ca		= ca
    13. 

  13. 

  14. ####################################################################
    15. 

  15. 

  16. [ req ]
    17. 

  17. default_bits		= 2048
    18. 

  18. default_keyfile 	= privkey.pem
    19. 

  19. # Don't prompt for fields: use those in section directly
    20. 

  20. prompt			= no
    21. 

  21. distinguished_name	= req_distinguished_name
    22. 

  22. x509_extensions         = v3_ca # The extensions to add to the self signed cert
    23. 

  23. string_mask             = utf8only
    24. 

  24. 

  25. # req_extensions = v3_req # The extensions to add to a certificate request
    26. 

  26. 

  27. [ req_distinguished_name ]
    28. 

  28. countryName			= UK
    29. 

  29. 

  30. organizationName		= OpenSSL Group
    31. 

  31. # Take CN from environment so it can come from a script.
    32. 

  32. commonName			= $ENV::CN
    33. 

  33. 

  34. [ usr_rsa_cert ]
    35. 

  35. 

  36. # These extensions are added when 'ca' signs a request for a normal end-entity
    37. 

  37. # certificate with key usage restrictions compatible with RSA keys
    38. 

  38. 

  39. basicConstraints = CA:FALSE
    40. 

  40. keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
    41. 

  41. 

  42. # Following SKID and AKID settings are meanwhile by default in all certificates.
    43. 

  43. # See doc/man5/x509v3_config.pod for details.
    44. 

  44. 

  45. # subjectKeyIdentifier   = hash
    46. 

  46. # authorityKeyIdentifier = keyid, issuer
    47. 

  47. 

  48. [ signer_cert ]
    49. 

  49. 

  50. basicConstraints = CA:FALSE
    51. 

  51. keyUsage = critical, digitalSignature
    52. 

  52. 

  53. [ dh_cert ]
    54. 

  54. 

  55. # These extensions are added when 'ca' signs a request for an end-entity
    56. 

  56. # DH certificate, for which only key agreement makes sense
    57. 

  57. 

  58. basicConstraints = CA:FALSE
    59. 

  59. keyUsage = critical, keyAgreement
    60. 

  60. 

  61. [ codesign_cert ]
    62. 

  62. 

  63. # These extensions are added when 'ca' signs a request for a code-signing
    64. 

  64. # end-entity certificate compatible with RSA and ECC keys
    65. 

  65. 

  66. basicConstraints = CA:FALSE
    67. 

  67. keyUsage = critical, digitalSignature
    68. 

  68. extendedKeyUsage = codeSigning
    69. 

  69. 

  70. [ v3_ca ]
    71. 

  71. 

  72. # Extensions for a typical CA as required by RFC 5280 etc.
    73. 

  73. # SKID and AKID are by default set according to PKIX recommendation.
    74. 

  74. 

  75. basicConstraints = critical, CA:true
    76. 

  76. keyUsage = critical, cRLSign, keyCertSign
    77.