2
0

ca.cnf 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. #
  2. # OpenSSL example configuration file for automated certificate creation.
  3. #
  4. # This definition stops the following lines choking if HOME or CN
  5. # is undefined.
  6. HOME = .
  7. CN = "Not Defined"
  8. default_ca = ca
  9. ####################################################################
  10. [ req ]
  11. default_bits = 2048
  12. default_keyfile = privkey.pem
  13. # Don't prompt for fields: use those in section directly
  14. prompt = no
  15. distinguished_name = req_distinguished_name
  16. x509_extensions = v3_ca # The extensions to add to the self signed cert
  17. string_mask = utf8only
  18. # req_extensions = v3_req # The extensions to add to a certificate request
  19. [ req_distinguished_name ]
  20. countryName = UK
  21. organizationName = OpenSSL Group
  22. # Take CN from environment so it can come from a script.
  23. commonName = $ENV::CN
  24. [ usr_cert ]
  25. # These extensions are added when 'ca' signs a request for an end entity
  26. # certificate
  27. basicConstraints=critical, CA:FALSE
  28. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
  29. # PKIX recommendations harmless if included in all certificates.
  30. subjectKeyIdentifier=hash
  31. authorityKeyIdentifier=keyid
  32. [ dh_cert ]
  33. # These extensions are added when 'ca' signs a request for an end entity
  34. # DH certificate
  35. basicConstraints=critical, CA:FALSE
  36. keyUsage=critical, keyAgreement
  37. # PKIX recommendations harmless if included in all certificates.
  38. subjectKeyIdentifier=hash
  39. authorityKeyIdentifier=keyid
  40. [ v3_ca ]
  41. # Extensions for a typical CA
  42. # PKIX recommendation.
  43. subjectKeyIdentifier=hash
  44. authorityKeyIdentifier=keyid:always
  45. basicConstraints = critical,CA:true
  46. keyUsage = critical, cRLSign, keyCertSign