1ID=1
2CA_DIR=out
3
4[ca]
5default_ca = ca_settings
6preserve   = yes
7
8[ca_settings]
9dir             = ${ENV::CA_DIR}
10database        = $dir/${ENV::ID}-index.txt
11new_certs_dir   = $dir
12serial          = $dir/${ENV::ID}-serial
13certificate     = $dir/${ENV::ID}.pem
14private_key     = $dir/${ENV::ID}.key
15RANDFILE        = $dir/rand
16default_md      = sha1
17default_days    = 3650
18policy          = policy_anything
19unique_subject  = no
20copy_extensions = copy
21
22[policy_anything]
23# Default signing policy
24countryName            = optional
25stateOrProvinceName    = optional
26localityName           = optional
27organizationName       = optional
28organizationalUnitName = optional
29commonName             = optional
30emailAddress           = optional
31
32[req]
33default_bits       = 2048
34default_md         = sha1
35string_mask        = utf8only
36prompt             = no
37encrypt_key        = no
38distinguished_name = req_env_dn
39
40[user_cert]
41# Extensions to add when signing a request for an EE cert
42basicConstraints = critical, CA:false
43extendedKeyUsage = serverAuth,clientAuth
44
45[ca_cert]
46# Extensions to add when signing a request for an intermediate/CA cert
47basicConstraints = critical, CA:true
48keyUsage         = critical, keyCertSign, cRLSign
49
50[req_env_dn]
51CN = ${ENV::COMMON_NAME}
52