2
0

ca.cnf 2.0 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
  1. #
  2. # OpenSSL example configuration file for automated certificate creation.
  3. #
  4. # This definition stops the following lines choking if HOME or CN
  5. # is undefined.
  6. HOME = .
  7. CN = "Not Defined"
  8. default_ca = ca
  9. # Comment out the next line to ignore configuration errors
  10. config_diagnostics = 1
  11. ####################################################################
  12. [ req ]
  13. default_bits = 1024
  14. default_keyfile = privkey.pem
  15. # Don't prompt for fields: use those in section directly
  16. prompt = no
  17. distinguished_name = req_distinguished_name
  18. x509_extensions = v3_ca # The extensions to add to the self signed cert
  19. string_mask = utf8only
  20. # req_extensions = v3_req # The extensions to add to a certificate request
  21. [ req_distinguished_name ]
  22. countryName = UK
  23. organizationName = OpenSSL Group
  24. # Take CN from environment so it can come from a script.
  25. commonName = $ENV::CN
  26. [ usr_cert ]
  27. # These extensions are added when 'ca' signs a request for an end entity
  28. # certificate
  29. basicConstraints=critical, CA:FALSE
  30. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
  31. # PKIX recommendations harmless if included in all certificates.
  32. subjectKeyIdentifier=hash
  33. authorityKeyIdentifier=keyid
  34. # OCSP responder certificate
  35. [ ocsp_cert ]
  36. basicConstraints=critical, CA:FALSE
  37. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
  38. # PKIX recommendations harmless if included in all certificates.
  39. subjectKeyIdentifier=hash
  40. authorityKeyIdentifier=keyid
  41. extendedKeyUsage=OCSPSigning
  42. [ dh_cert ]
  43. # These extensions are added when 'ca' signs a request for an end entity
  44. # DH certificate
  45. basicConstraints=critical, CA:FALSE
  46. keyUsage=critical, keyAgreement
  47. # PKIX recommendations harmless if included in all certificates.
  48. subjectKeyIdentifier=hash
  49. authorityKeyIdentifier=keyid
  50. [ v3_ca ]
  51. # Extensions for a typical CA
  52. # PKIX recommendation.
  53. subjectKeyIdentifier=hash
  54. authorityKeyIdentifier=keyid:always
  55. basicConstraints = critical,CA:true
  56. keyUsage = critical, cRLSign, keyCertSign
  57. # Minimal CA entry to allow generation of CRLs.
  58. [ca]
  59. database=index.txt
  60. crlnumber=crlnum.txt