1[ca]
2default_ca = CA_root
3preserve   = yes
4
5# The default test root, used to generate certificates and CRLs.
6[CA_root]
7dir           = $ENV::CA_DIR
8key_size      = $ENV::KEY_SIZE
9algo          = $ENV::ALGO
10cert_type     = $ENV::CERT_TYPE
11type          = $ENV::TYPE
12certificate   = $ENV::CERTIFICATE
13database      = $dir/$type-index.txt
14new_certs_dir = $dir
15serial        = $dir/$type-serial
16certificate   = $dir/$certificate.pem
17private_key   = $dir/$type.key
18RANDFILE      = $dir/rand
19default_days     = 3650
20default_crl_days = 30
21default_md       = sha1
22policy           = policy_anything
23unique_subject   = no
24
25[user_cert]
26# Extensions to add when signing a request for an EE cert
27basicConstraints       = critical, CA:false
28subjectKeyIdentifier   = hash
29authorityKeyIdentifier = keyid:always
30extendedKeyUsage       = serverAuth,clientAuth
31
32[ca_cert]
33# Extensions to add when signing a request for an intermediate/CA cert
34basicConstraints       = critical, CA:true
35subjectKeyIdentifier   = hash
36#authorityKeyIdentifier = keyid:always
37keyUsage               = critical, keyCertSign, cRLSign
38
39[crl_extensions]
40# Extensions to add when signing a CRL
41authorityKeyIdentifier = keyid:always
42
43[policy_anything]
44# Default signing policy
45countryName            = optional
46stateOrProvinceName    = optional
47localityName           = optional
48organizationName       = optional
49organizationalUnitName = optional
50commonName             = optional
51emailAddress           = optional
52
53[req]
54# The request section used to generate the root CA certificate. This should
55# not be used to generate end-entity certificates. For certificates other
56# than the root CA, see README to find the appropriate configuration file
57# (ie: openssl_cert.cnf).
58default_bits       = $ENV::KEY_SIZE
59default_md         = sha1
60string_mask        = utf8only
61prompt             = no
62encrypt_key        = no
63distinguished_name = $ENV::CA_NAME
64
65[req_ca_dn]
66C  = US
67ST = California
68L  = Mountain View
69O  = Test CA
70CN = Test Root 2 CA
71
72[req_intermediate_dn]
73C  = US
74ST = California
75L  = Mountain View
76O  = Test CA
77CN = Test Intermediate 2 CA
78
79[req_env_dn]
80CN = $ENV::CA_COMMON_NAME
81