| # [ v3_selfsign ] |
| basicConstraints = critical,CA:true |
| keyUsage = keyCertSign |
| subjectKeyIdentifier=hash |
| |
| #################################################################### |
| #################################################################### |
| [ req ] |
| default_bits = 2432 |
| default_keyfile = cakey.pem |
| default_md = sha256 |
| distinguished_name = req_DN |
| string_mask = utf8only |
| x509_extensions = v3_selfsign |
| |
| [ req_DN ] |
| commonName = "Common Name" |
| commonName_value = "CA" |
| |
| [ v3_selfsign ] |
| basicConstraints = critical,CA:true |
| keyUsage = keyCertSign |
| subjectKeyIdentifier=hash |
| |
| #################################################################### |
| [ ca ] |
| default_ca = CA_default # The default ca section |
| |
| #################################################################### |
| [ CA_default ] |
| |
| dir = ./demoCA |
| certificate = ./demoCA/cacert.pem |
| serial = ./demoCA/serial |
| private_key = ./demoCA/private/cakey.pem |
| new_certs_dir = ./demoCA/newcerts |
| |
| certificate = cacert.pem |
| private_key = cakey.pem |
| |
| x509_extensions = v3_user |
| |
| name_opt = ca_default # Subject Name options |
| cert_opt = ca_default # Certificate field options |
| |
| policy = policy_anything |
| |
| [ policy_anything ] |
| countryName = optional |
| stateOrProvinceName = optional |
| localityName = optional |
| organizationName = optional |
| organizationalUnitName = optional |
| commonName = supplied |
| emailAddress = optional |
| |
| [ v3_user ] |
| basicConstraints=critical,CA:FALSE |
| subjectKeyIdentifier=hash |
| authorityKeyIdentifier=keyid,issuer |
| issuerAltName=issuer:copy |
| |