Home | History | Annotate | Download | only in scripts 
      1 [ca]
      2 default_ca = CA_root
      3 preserve   = yes
      4 
      5 # The default test root, used to generate certificates and CRLs.
      6 [CA_root]
      7 dir           = $ENV::CA_DIR
      8 key_size      = $ENV::KEY_SIZE
      9 algo          = $ENV::ALGO
     10 cert_type     = $ENV::CERT_TYPE
     11 type          = $ENV::TYPE
     12 certificate   = $ENV::CERTIFICATE
     13 database      = $dir/$type-index.txt
     14 new_certs_dir = $dir
     15 serial        = $dir/$type-serial
     16 certificate   = $dir/$certificate.pem
     17 private_key   = $dir/$type.key
     18 RANDFILE      = $dir/rand
     19 default_days     = 3650
     20 default_crl_days = 30
     21 default_md       = sha1
     22 policy           = policy_anything
     23 unique_subject   = no
     24 
     25 [user_cert]
     26 # Extensions to add when signing a request for an EE cert
     27 basicConstraints       = critical, CA:false
     28 subjectKeyIdentifier   = hash
     29 authorityKeyIdentifier = keyid:always
     30 extendedKeyUsage       = serverAuth,clientAuth
     31 
     32 [ca_cert]
     33 # Extensions to add when signing a request for an intermediate/CA cert
     34 basicConstraints       = critical, CA:true
     35 subjectKeyIdentifier   = hash
     36 #authorityKeyIdentifier = keyid:always
     37 keyUsage               = critical, keyCertSign, cRLSign
     38 
     39 [crl_extensions]
     40 # Extensions to add when signing a CRL
     41 authorityKeyIdentifier = keyid:always
     42 
     43 [policy_anything]
     44 # Default signing policy
     45 countryName            = optional
     46 stateOrProvinceName    = optional
     47 localityName           = optional
     48 organizationName       = optional
     49 organizationalUnitName = optional
     50 commonName             = optional
     51 emailAddress           = optional
     52 
     53 [req]
     54 # The request section used to generate the root CA certificate. This should
     55 # not be used to generate end-entity certificates. For certificates other
     56 # than the root CA, see README to find the appropriate configuration file
     57 # (ie: openssl_cert.cnf).
     58 default_bits       = $ENV::KEY_SIZE
     59 default_md         = sha1
     60 string_mask        = utf8only
     61 prompt             = no
     62 encrypt_key        = no
     63 distinguished_name = $ENV::CA_NAME
     64 
     65 [req_ca_dn]
     66 C  = US
     67 ST = California
     68 L  = Mountain View
     69 O  = Test CA
     70 CN = Test Root 2 CA
     71 
     72 [req_intermediate_dn]
     73 C  = US
     74 ST = California
     75 L  = Mountain View
     76 O  = Test CA
     77 CN = Test Intermediate 2 CA
     78 
     79 [req_env_dn]
     80 CN = $ENV::CA_COMMON_NAME
     81