# [ v3_ca ]
#
# The section header above is commented out, so the four assignments below
# are read as part of the unnamed default section rather than as a named
# extension section. The same four values appear again under the real
# [ v3_ca ] header at the end of this file.
# NOTE(review): nothing visible here shows whether these default-section
# copies are ever read - confirm before removing or relying on them.

# Extensions for a typical CA (PKIX recommendation).

# Subject key identifier derived from a hash of the certificate's public key.
subjectKeyIdentifier = hash
# Always include the issuer's key identifier; with "always" OpenSSL reports
# an error if it cannot be obtained.
authorityKeyIdentifier = keyid:always
# Marks the certificate as a CA. No pathlen is given, so this extension does
# not limit how many subordinate CAs may chain below it.
basicConstraints = critical,CA:true
# The key may sign certificates and CRLs only.
keyUsage = critical, cRLSign, keyCertSign

#
# OpenSSL example configuration file for automated certificate creation.
#

# Default-section fallbacks: they keep the $ENV::HOME and $ENV::CN lookups
# used below from failing when HOME or CN is not set in the environment.
HOME = .
# Seed file location.
# NOTE(review): current OpenSSL seeds its RNG from the operating system, so
# this entry is likely vestigial - confirm before relying on it.
RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
# Name of the section the 'ca' command uses by default.
# NOTE(review): no [ ca ] section appears in the lines visible here.
default_ca = ca

####################################################################
[ req ]
# Key size in bits for newly generated keys. 2048 is the usual minimum for
# RSA today.
# NOTE(review): a long-lived CA key may warrant a larger size.
default_bits = 2048
# File a newly generated private key is written to, relative to the working
# directory.
# NOTE(review): in automated runs, check that this file is not left readable
# by other users.
default_keyfile = privkey.pem
# Don't prompt for fields: take them straight from the DN section.
prompt = no
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert.
x509_extensions = v3_ca
string_mask = utf8only

# The extensions to add to a certificate request (disabled).
# req_extensions = v3_req

[ req_distinguished_name ]
# Subject name fields, used as-is because prompt = no in [ req ].
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB;
# UK is left unchanged here because existing certificates or tests may
# depend on it.
countryName = UK

organizationName = OpenSSL Group
# The CN is read from the environment so a script can supply it; the
# default-section CN value is the fallback when the variable is unset.
commonName = $ENV::CN

[ usr_cert ]

# Extensions added when 'ca' signs a request for an end entity certificate.

# Not a CA: the certificate must not be accepted as an issuer.
basicConstraints = critical, CA:FALSE
# NOTE(review): no extendedKeyUsage is set in this section, so the
# certificate is not restricted to a particular purpose (for example
# serverAuth or clientAuth) by EKU.
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment

# PKIX recommendations, harmless if included in all certificates.
subjectKeyIdentifier = hash
# Copies the issuer's key identifier; without "always" a missing identifier
# is not treated as an error.
authorityKeyIdentifier = keyid

[ dh_cert ]

# Extensions added when 'ca' signs a request for an end entity DH
# certificate.

# Not a CA: the certificate must not be accepted as an issuer.
basicConstraints = critical, CA:FALSE
# Key agreement is the only permitted use of the key.
keyUsage = critical, keyAgreement

# PKIX recommendations, harmless if included in all certificates.
subjectKeyIdentifier = hash
# Copies the issuer's key identifier; without "always" a missing identifier
# is not treated as an error.
authorityKeyIdentifier = keyid

[ v3_ca ]

# Extensions for a typical CA (PKIX recommendation). [ req ] selects this
# section through x509_extensions for the self-signed certificate.

# Subject key identifier derived from a hash of the certificate's public key.
subjectKeyIdentifier = hash
# Always include the issuer's key identifier; with "always" OpenSSL reports
# an error if it cannot be obtained.
authorityKeyIdentifier = keyid:always
# Marks the certificate as a CA.
# NOTE(review): no pathlen is given, so this extension does not limit how
# many subordinate CAs may chain below it; an issuing CA that should only
# sign end entity certificates would normally carry pathlen:0.
basicConstraints = critical,CA:true
# The key may sign certificates and CRLs only.
keyUsage = critical, cRLSign, keyCertSign
