Domů Procházet Nápověda
Přihlásit se
OWEALs
/
openssl
zrcadlo git://git.openssl.org/openssl.git
2
0
Rozštěpit 0
Soubory Úkoly 1 Wiki
Strom: 691c9cd16b
Větve Značky
openssl
/
test
/
ca-and-certs.cnf

ca-and-certs.cnf 2.1 KB
Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. 

  2. CN2 = Brother 2
    3. 

  3. 

  4. ####################################################################
    5. 

  5. [ req ]
    6. 

  6. distinguished_name	= req_distinguished_name
    7. 

  7. encrypt_rsa_key		= no
    8. 

  8. default_md		= sha1
    9. 

  9. 

  10. [ req_distinguished_name ]
    11. 

  11. countryName			= Country Name (2 letter code)
    12. 

  12. countryName_value		= AU
    13. 

  13. organizationName		= Organization Name (eg, company)
    14. 

  14. organizationName_value		= Dodgy Brothers
    15. 

  15. commonName			= Common Name (eg, YOUR name)
    16. 

  16. commonName_value		= Dodgy CA
    17. 

  17. 

  18. ####################################################################
    19. 

  19. [ userreq ]
    20. 

  20. distinguished_name	= user_dn
    21. 

  21. encrypt_rsa_key		= no
    22. 

  22. default_md		= sha256
    23. 

  23. prompt			= no
    24. 

  24. 

  25. [ user_dn ]
    26. 

  26. countryName		= AU
    27. 

  27. organizationName	= Dodgy Brothers
    28. 

  28. 0.commonName		= Brother 1
    29. 

  29. 1.commonName		= $ENV::CN2
    30. 

  30. 

  31. [ v3_ee ]
    32. 

  32. subjectKeyIdentifier	= hash
    33. 

  33. authorityKeyIdentifier	= keyid,issuer:always
    34. 

  34. basicConstraints 	= CA:false
    35. 

  35. keyUsage		= nonRepudiation, digitalSignature, keyEncipherment
    36. 

  36. 

  37. [ v3_ee_dsa ]
    38. 

  38. subjectKeyIdentifier	= hash
    39. 

  39. authorityKeyIdentifier	= keyid:always
    40. 

  40. basicConstraints	= CA:false
    41. 

  41. keyUsage		= nonRepudiation, digitalSignature
    42. 

  42. 

  43. [ v3_ee_ec ]
    44. 

  44. subjectKeyIdentifier	= hash
    45. 

  45. authorityKeyIdentifier	= keyid:always
    46. 

  46. basicConstraints	= CA:false
    47. 

  47. keyUsage		= nonRepudiation, digitalSignature, keyAgreement
    48. 

  48. 

  49. ####################################################################
    50. 

  50. [ ca ]
    51. 

  51. default_ca	= CA_default
    52. 

  52. 

  53. [ CA_default ]
    54. 

  54. dir		= ./demoCA
    55. 

  55. certs		= $dir/certs
    56. 

  56. crl_dir		= $dir/crl
    57. 

  57. database	= $dir/index.txt
    58. 

  58. new_certs_dir	= $dir/newcerts
    59. 

  59. certificate	= $dir/cacert.pem
    60. 

  60. serial		= $dir/serial
    61. 

  61. crl		= $dir/crl.pem
    62. 

  62. private_key	= $dir/private/cakey.pem
    63. 

  63. x509_extensions	= v3_ca
    64. 

  64. name_opt 	= ca_default
    65. 

  65. cert_opt 	= ca_default
    66. 

  66. default_days	= 365
    67. 

  67. default_crl_days= 30
    68. 

  68. default_md	= sha1
    69. 

  69. preserve	= no
    70. 

  70. policy		= policy_anything
    71. 

  71. 

  72. [ policy_anything ]
    73. 

  73. countryName		= optional
    74. 

  74. stateOrProvinceName	= optional
    75. 

  75. localityName		= optional
    76. 

  76. organizationName	= optional
    77. 

  77. organizationalUnitName	= optional
    78. 

  78. commonName		= supplied
    79. 

  79. emailAddress		= optional
    80. 

  80. 

  81. [ v3_ca ]
    82. 

  82. subjectKeyIdentifier	= hash
    83. 

  83. authorityKeyIdentifier	= keyid:always,issuer:always
    84. 

  84. basicConstraints 	= critical,CA:true,pathlen:1
    85. 

  85. keyUsage		= cRLSign, keyCertSign
    86. 

  86. issuerAltName		= issuer:copy
    87.