Home | History | Annotate | Download | only in certs 
      1 [req]
      2 distinguished_name  = req_distinguished_name
      3 req_extensions     = v3_req
      4 
      5 [req_distinguished_name]
      6 countryName           = Country Name (2 letter code)
      7 countryName_default   = US
      8 stateOrProvinceName   = State or Province Name (full name)
      9 stateOrProvinceName_default = Illinois
     10 localityName          = Locality Name (eg, city)
     11 localityName_default  = Chicago
     12 organizationName          = Organization Name (eg, company)
     13 organizationName_default  = Example, Co.
     14 commonName            = Common Name (eg, YOUR name)
     15 commonName_max        = 64
     16 
     17 ####################################################################
     18 [ ca ]
     19 default_ca	= CA_default		# The default ca section
     20 
     21 ####################################################################
     22 [ CA_default ]
     23 
     24 dir		= . # Where everything is kept
     25 certs		= $dir # Where the issued certs are kept
     26 crl_dir		= $dir		# Where the issued crl are kept
     27 database	= $dir/index.txt	# database index file.
     28 #unique_subject	= no			# Set to 'no' to allow creation of
     29 					# several ctificates with same subject.
     30 new_certs_dir	= $dir		# default place for new certs.
     31 
     32 certificate	= $dir/ca.pem 	# The CA certificate
     33 serial		= $dir/serial 		# The current serial number
     34 crlnumber	= $dir/crlnumber	# the current crl number
     35 					# must be commented out to leave a V1 CRL
     36 crl		= $dir/crl.pem 		# The current CRL
     37 private_key	= $dir/private/cakey.pem# The private key
     38 RANDFILE	= $dir/private/.rand	# private random number file
     39 
     40 x509_extensions	= usr_cert		# The extentions to add to the cert
     41 
     42 # Comment out the following two lines for the "traditional"
     43 # (and highly broken) format.
     44 name_opt 	= ca_default		# Subject Name options
     45 cert_opt 	= ca_default		# Certificate field options
     46 
     47 # Extension copying option: use with caution.
     48 # copy_extensions = copy
     49 
     50 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
     51 # so this is commented out by default to leave a V1 CRL.
     52 # crlnumber must also be commented out to leave a V1 CRL.
     53 # crl_extensions	= crl_ext
     54 
     55 default_days	= 365			# how long to certify for
     56 default_crl_days= 30			# how long before next CRL
     57 default_md	= default		# use public key default MD
     58 preserve	= no			# keep passed DN ordering
     59 
     60 # A few difference way of specifying how similar the request should look
     61 # For type CA, the listed attributes must be the same, and the optional
     62 # and supplied fields are just that :-)
     63 policy		= policy_anything
     64 [ policy_anything ]
     65 countryName		= optional
     66 stateOrProvinceName	= optional
     67 localityName		= optional
     68 organizationName	= optional
     69 organizationalUnitName	= optional
     70 commonName		= supplied
     71 emailAddress		= optional
     72 
     73 [v3_req]
     74 basicConstraints = CA:FALSE
     75 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
     76 subjectAltName = @alt_names
     77 
     78 [alt_names]
     79 DNS.1 = *.test.google.fr
     80 DNS.2 = waterzooi.test.google.be
     81 DNS.3 = *.test.youtube.com
     82 IP.1 = "192.168.1.3"
     83