ca.cnf revision eb525c5499e34cc9c4b825d6d9e75bb07cc06ace
1# Defaults in the event they're not set in the environment 2CA_DIR = out 3KEY_SIZE = 2048 4ALGO = sha1 5CERT_TYPE = root 6CA_NAME = req_env_dn 7 8[ca] 9default_ca = CA_root 10preserve = yes 11 12# The default test root, used to generate certificates and CRLs. 13[CA_root] 14dir = $ENV::CA_DIR 15key_size = $ENV::KEY_SIZE 16algo = $ENV::ALGO 17cert_type = $ENV::CERT_TYPE 18type = $key_size-$algo-$cert_type 19database = $dir/$type-index.txt 20new_certs_dir = $dir 21serial = $dir/$type-serial 22certificate = $dir/$type.pem 23private_key = $dir/$type.key 24RANDFILE = $dir/.rand 25default_days = 3650 26default_crl_days = 30 27default_md = sha1 28policy = policy_anything 29unique_subject = no 30copy_extensions = copy 31 32[user_cert] 33# Extensions to add when signing a request for an EE cert 34basicConstraints = critical, CA:false 35subjectKeyIdentifier = hash 36authorityKeyIdentifier = keyid:always 37extendedKeyUsage = serverAuth,clientAuth 38 39[ca_cert] 40# Extensions to add when signing a request for an intermediate/CA cert 41basicConstraints = critical, CA:true 42subjectKeyIdentifier = hash 43#authorityKeyIdentifier = keyid:always 44keyUsage = critical, keyCertSign, cRLSign 45 46[crl_extensions] 47# Extensions to add when signing a CRL 48authorityKeyIdentifier = keyid:always 49 50[policy_anything] 51# Default signing policy 52countryName = optional 53stateOrProvinceName = optional 54localityName = optional 55organizationName = optional 56organizationalUnitName = optional 57commonName = optional 58emailAddress = optional 59 60[req] 61# The request section used to generate the root CA certificate. This should 62# not be used to generate end-entity certificates. For certificates other 63# than the root CA, see README to find the appropriate configuration file 64# (ie: openssl_cert.cnf). 65default_bits = $ENV::KEY_SIZE 66default_md = sha1 67string_mask = utf8only 68prompt = no 69encrypt_key = no 70distinguished_name = $ENV::CA_NAME 71x509_extensions = req_ca_exts 72 73[req_ca_dn] 74C = US 75ST = California 76L = Mountain View 77O = Test CA 78CN = Test Root CA 79 80[req_intermediate_dn] 81C = US 82ST = California 83L = Mountain View 84O = Test CA 85CN = Test Intermediate CA 86 87[req_env_dn] 88CN = $ENV::CA_COMMON_NAME 89 90[req_ca_exts] 91basicConstraints = critical, CA:true 92keyUsage = critical, keyCertSign, cRLSign 93subjectKeyIdentifier = hash 94