| # [ CA_default ] |
| |
| dir = ./demoCA # Where everything is kept |
| certs = $dir/certs # Where the issued certs are kept |
| crl_dir = $dir/crl # Where the issued crl are kept |
| database = $dir/index.txt # database index file. |
| #unique_subject = no # Set to 'no' to allow creation of |
| # several certificates with same subject. |
| new_certs_dir = $dir/newcerts # default place for new certs. |
| |
| certificate = $dir/cacert.pem # The CA certificate |
| serial = $dir/serial # The current serial number |
| crl = $dir/crl.pem # The current CRL |
| private_key = $dir/private/cakey.pem# The private key |
| RANDFILE = $dir/private/.rand # private random number file |
| |
| x509_extensions = v3_ca # The extensions to add to the cert |
| |
| name_opt = ca_default # Subject Name options |
| cert_opt = ca_default # Certificate field options |
| |
| default_days = 365 # how long to certify for |
| default_crl_days= 30 # how long before next CRL |
| default_md = md5 # which md to use. |
| preserve = no # keep passed DN ordering |
| |
| policy = policy_anything |
| |
| # |
| # SSLeay example configuration file. |
| # This is mostly being used for generation of certificate requests. |
| # |
| |
| RANDFILE = ./.rnd |
| |
| #################################################################### |
| [ req ] |
| default_bits = 2048 |
| default_keyfile = keySS.pem |
| distinguished_name = req_distinguished_name |
| encrypt_rsa_key = no |
| default_md = sha1 |
| |
| [ req_distinguished_name ] |
| countryName = Country Name (2 letter code) |
| countryName_default = AU |
| countryName_value = AU |
| |
| organizationName = Organization Name (eg, company) |
| organizationName_value = Dodgy Brothers |
| |
| commonName = Common Name (eg, YOUR name) |
| commonName_value = Dodgy CA |
| |
| #################################################################### |
| [ ca ] |
| default_ca = CA_default # The default ca section |
| |
| #################################################################### |
| [ CA_default ] |
| |
| dir = ./demoCA # Where everything is kept |
| certs = $dir/certs # Where the issued certs are kept |
| crl_dir = $dir/crl # Where the issued crl are kept |
| database = $dir/index.txt # database index file. |
| #unique_subject = no # Set to 'no' to allow creation of |
| # several certificates with same subject. |
| new_certs_dir = $dir/newcerts # default place for new certs. |
| |
| certificate = $dir/cacert.pem # The CA certificate |
| serial = $dir/serial # The current serial number |
| crl = $dir/crl.pem # The current CRL |
| private_key = $dir/private/cakey.pem# The private key |
| RANDFILE = $dir/private/.rand # private random number file |
| |
| x509_extensions = v3_ca # The extensions to add to the cert |
| |
| name_opt = ca_default # Subject Name options |
| cert_opt = ca_default # Certificate field options |
| |
| default_days = 365 # how long to certify for |
| default_crl_days= 30 # how long before next CRL |
| default_md = md5 # which md to use. |
| preserve = no # keep passed DN ordering |
| |
| policy = policy_anything |
| |
| [ policy_anything ] |
| countryName = optional |
| stateOrProvinceName = optional |
| localityName = optional |
| organizationName = optional |
| organizationalUnitName = optional |
| commonName = supplied |
| emailAddress = optional |
| |
| |
| |
| [ v3_ca ] |
| subjectKeyIdentifier=hash |
| authorityKeyIdentifier=keyid:always,issuer:always |
| basicConstraints = critical,CA:true,pathlen:1 |
| keyUsage = cRLSign, keyCertSign |
| issuerAltName=issuer:copy |