ca.cnf
1.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
####################################################################
[ req ]
default_bits = 2432
default_keyfile = cakey.pem
default_md = sha256
distinguished_name = req_DN
string_mask = utf8only
x509_extensions = v3_selfsign
[ req_DN ]
commonName = "Common Name"
commonName_value = "CA"
[ v3_selfsign ]
basicConstraints = critical,CA:true
keyUsage = keyCertSign
subjectKeyIdentifier=hash
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA
certificate = ./demoCA/cacert.pem
serial = ./demoCA/serial
private_key = ./demoCA/private/cakey.pem
new_certs_dir = ./demoCA/newcerts
certificate = cacert.pem
private_key = cakey.pem
x509_extensions = v3_user
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ v3_user ]
basicConstraints=critical,CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
issuerAltName=issuer:copy