123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 |
- [ ca ]
- default_ca = CA_default
- [ CA_default ]
- dir = .
- certs = $dir/certs
- new_certs_dir = $dir/certs
- database = $dir/certs/ecc/index.txt
- serial = $dir/certs/ecc/serial
- RANDFILE = $dir/private/.rand
- private_key = $dir/certs/ca-ecc-key.pem
- certificate = $dir/certs/ca-ecc-cert.pem
- crlnumber = $dir/certs/ecc/crlnumber
- crl_extensions = crl_ext
- default_crl_days = 1000
- default_md = sha256
- name_opt = ca_default
- cert_opt = ca_default
- default_days = 3650
- preserve = no
- policy = policy_loose
- [ policy_strict ]
- countryName = match
- stateOrProvinceName = match
- organizationName = match
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
- [ policy_loose ]
- countryName = optional
- stateOrProvinceName = optional
- localityName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
- [ req ]
- default_bits = 2048
- distinguished_name = req_distinguished_name
- string_mask = utf8only
- default_md = sha256
- x509_extensions = v3_ca
- [ req_distinguished_name ]
- countryName = US
- stateOrProvinceName = Washington
- localityName = Seattle
- 0.organizationName = wolfSSL
- organizationalUnitName = Development
- commonName = www.wolfssl.com
- emailAddress = info@wolfssl.com
- [ v3_ca ]
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid:always,issuer
- basicConstraints = critical, CA:true
- keyUsage = critical, digitalSignature, cRLSign, keyCertSign
- [ v3_intermediate_ca ]
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid:always,issuer
- basicConstraints = critical, CA:true, pathlen:0
- keyUsage = critical, digitalSignature, cRLSign, keyCertSign
- [ usr_cert ]
- basicConstraints = CA:FALSE
- nsCertType = client, email
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid,issuer
- keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
- extendedKeyUsage = clientAuth, emailProtection
- [ server_cert ]
- basicConstraints = CA:FALSE
- nsCertType = server
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid,issuer:always
- keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement
- extendedKeyUsage = serverAuth
- [ crl_ext ]
- authorityKeyIdentifier=keyid:always
|