Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Branch: openssl-3.3
Branches Tags
openssl
/
demos
/
certs
/
ca.cnf

ca.cnf 2.0 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. #
    2. 

  2. # OpenSSL example configuration file for automated certificate creation.
    3. 

  3. #
    4. 

  4. 

  5. # This definition stops the following lines choking if HOME or CN
    6. 

  6. # is undefined.
    7. 

  7. HOME			= .
    8. 

  8. CN			= "Not Defined"
    9. 

  9. default_ca		= ca
    10. 

  10. 

  11. # Comment out the next line to ignore configuration errors
    12. 

  12. config_diagnostics = 1
    13. 

  13. 

  14. ####################################################################
    15. 

  15. [ req ]
    16. 

  16. default_bits		= 1024
    17. 

  17. default_keyfile 	= privkey.pem
    18. 

  18. # Don't prompt for fields: use those in section directly
    19. 

  19. prompt			= no
    20. 

  20. distinguished_name	= req_distinguished_name
    21. 

  21. x509_extensions	= v3_ca	# The extensions to add to the self signed cert
    22. 

  22. string_mask = utf8only
    23. 

  23. 

  24. # req_extensions = v3_req # The extensions to add to a certificate request
    25. 

  25. 

  26. [ req_distinguished_name ]
    27. 

  27. countryName			= UK
    28. 

  28. 

  29. organizationName		= OpenSSL Group
    30. 

  30. # Take CN from environment so it can come from a script.
    31. 

  31. commonName			= $ENV::CN
    32. 

  32. 

  33. [ usr_cert ]
    34. 

  34. 

  35. # These extensions are added when 'ca' signs a request for an end entity
    36. 

  36. # certificate
    37. 

  37. 

  38. basicConstraints=critical, CA:FALSE
    39. 

  39. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
    40. 

  40. 

  41. # PKIX recommendations harmless if included in all certificates.
    42. 

  42. subjectKeyIdentifier=hash
    43. 

  43. authorityKeyIdentifier=keyid
    44. 

  44. # OCSP responder certificate
    45. 

  45. [ ocsp_cert ]
    46. 

  46. 

  47. basicConstraints=critical, CA:FALSE
    48. 

  48. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
    49. 

  49. 

  50. # PKIX recommendations harmless if included in all certificates.
    51. 

  51. subjectKeyIdentifier=hash
    52. 

  52. authorityKeyIdentifier=keyid
    53. 

  53. extendedKeyUsage=OCSPSigning
    54. 

  54. 

  55. [ dh_cert ]
    56. 

  56. 

  57. # These extensions are added when 'ca' signs a request for an end entity
    58. 

  58. # DH certificate
    59. 

  59. 

  60. basicConstraints=critical, CA:FALSE
    61. 

  61. keyUsage=critical, keyAgreement
    62. 

  62. 

  63. # PKIX recommendations harmless if included in all certificates.
    64. 

  64. subjectKeyIdentifier=hash
    65. 

  65. authorityKeyIdentifier=keyid
    66. 

  66. 

  67. [ v3_ca ]
    68. 

  68. 

  69. 

  70. # Extensions for a typical CA
    71. 

  71. 

  72. # PKIX recommendation.
    73. 

  73. 

  74. subjectKeyIdentifier=hash
    75. 

  75. authorityKeyIdentifier=keyid:always
    76. 

  76. basicConstraints = critical,CA:true
    77. 

  77. keyUsage = critical, cRLSign, keyCertSign
    78. 

  78. 

  79. # Minimal CA entry to allow generation of CRLs.
    80. 

  80. [ca]
    81. 

  81. database=index.txt
    82. 

  82. crlnumber=crlnum.txt
    83.