      1 # Defaults in the event they're not set in the environment
        # Each name below is read later in this file as $ENV::NAME; the value
        # given here is the fallback when the environment does not provide it.
        # CA_NAME picks the distinguished_name section that [req] uses.
        # NOTE(review): sha1 as the default ALGO is only defensible because this
        # file describes a test CA; SHA-1 is not collision-resistant.
      2 CA_DIR    = out
      3 KEY_SIZE  = 2048
      4 ALGO      = sha1
      5 CERT_TYPE = root
      6 CA_NAME   = req_env_dn
      7 
      8 [ca]
        # Entry point for `openssl ca`: default_ca names the section that holds
        # the CA's own settings. preserve = yes asks for the subject DN to keep
        # the field order of the request.
        # NOTE(review): openssl ca normally looks up `preserve` in the section
        # default_ca points to; confirm the setting takes effect from [ca].
      9 default_ca = CA_root
     10 preserve   = yes
     11 
     12 # The default test root, used to generate certificates and CRLs.
     13 [CA_root]
        # Locations are derived from the environment (or the defaults at the top
        # of the file). $type is the stem shared by the index, serial,
        # certificate and private-key file names under $dir.
     14 dir           = $ENV::CA_DIR
     15 key_size      = $ENV::KEY_SIZE
     16 algo          = $ENV::ALGO
     17 cert_type     = $ENV::CERT_TYPE
     18 type          = $key_size-$algo-$cert_type
     19 database      = $dir/$type-index.txt
     20 new_certs_dir = $dir
     21 serial        = $dir/$type-serial
     22 certificate   = $dir/$type.pem
     23 private_key   = $dir/$type.key
     24 RANDFILE      = $dir/.rand
        # Issued certificates default to 3650 days; CRLs to 30 days.
     25 default_days     = 3650
     26 default_crl_days = 30
        # NOTE(review): the signing digest is fixed to sha1 and does not follow
        # $algo, so a different ALGO only changes the file names above unless
        # the caller overrides the digest on the command line. SHA-1 signatures
        # are not collision-resistant; keep this to test fixtures.
     27 default_md       = sha1
        # The policy section marks every field it lists as optional, and
        # unique_subject = no lets several certificates share one subject, so
        # this CA places no constraint on the subject a request asks for.
     28 policy           = policy_anything
     29 unique_subject   = no
        # copy_extensions = copy carries request extensions into the certificate
        # when the signing extension section does not set them itself. Whatever
        # the CSR asks for (e.g. a subjectAltName) is issued unreviewed, so
        # requests must come from a trusted generator.
     30 copy_extensions  = copy
     31 
     32 [user_cert]
     33 # Extensions to add when signing a request for an EE cert
        # CA:false (critical) marks the certificate as a non-issuer, and
        # extendedKeyUsage limits it to TLS server and client authentication.
        # keyid:always makes signing fail if the issuer has no key identifier.
        # No keyUsage extension is set in this section.
     34 basicConstraints       = critical, CA:false
     35 subjectKeyIdentifier   = hash
     36 authorityKeyIdentifier = keyid:always
     37 extendedKeyUsage       = serverAuth,clientAuth
     38 
     39 [ca_cert]
     40 # Extensions to add when signing a request for an intermediate/CA cert
        # keyUsage is limited to certificate and CRL signing.
        # NOTE(review): basicConstraints sets no pathlen, so an intermediate
        # issued with this section can itself sign further CA certificates.
     41 basicConstraints       = critical, CA:true
     42 subjectKeyIdentifier   = hash
        # NOTE(review): disabled with no recorded reason; unlike [user_cert] and
        # [crl_extensions], certificates from this section carry no
        # authorityKeyIdentifier.
     43 #authorityKeyIdentifier = keyid:always
     44 keyUsage               = critical, keyCertSign, cRLSign
     45 
     46 [crl_extensions]
     47 # Extensions to add when signing a CRL
        # keyid:always ties each CRL to the issuer's key identifier and makes
        # CRL generation fail if the issuer certificate has none.
     48 authorityKeyIdentifier = keyid:always
     49 
     50 [policy_anything]
     51 # Default signing policy
        # Every field is optional: none is required and none has to match the
        # CA's own subject, so any requested DN built from these attributes is
        # accepted. [CA_root] selects this section through its policy key.
     52 countryName            = optional
     53 stateOrProvinceName    = optional
     54 localityName           = optional
     55 organizationName       = optional
     56 organizationalUnitName = optional
     57 commonName             = optional
     58 emailAddress           = optional
     59 
     60 [req]
     61 # The request section used to generate the root CA certificate. This should
     62 # not be used to generate end-entity certificates. For certificates other
     63 # than the root CA, see README to find the appropriate configuration file
     64 # (ie: openssl_cert.cnf).
        # Key size comes from KEY_SIZE; the digest is fixed to sha1 here
        # regardless of ALGO (test-only: SHA-1 is not collision-resistant).
     65 default_bits       = $ENV::KEY_SIZE
     66 default_md         = sha1
     67 string_mask        = utf8only
        # prompt = no takes the subject from the distinguished_name section
        # instead of asking interactively.
     68 prompt             = no
        # encrypt_key = no writes the generated private key without a
        # passphrase; the key file is protected by filesystem permissions only.
     69 encrypt_key        = no
        # CA_NAME chooses one of the req_*_dn sections below.
     70 distinguished_name = $ENV::CA_NAME
        # Extensions applied when this section produces a self-signed certificate.
     71 x509_extensions    = req_ca_exts
     72 
     73 [req_ca_dn]
        # Fixed subject for the test root CA; used by [req] when CA_NAME is
        # set to req_ca_dn.
     74 C  = US
     75 ST = California
     76 L  = Mountain View
     77 O  = Test CA
     78 CN = Test Root CA
     79 
     80 [req_intermediate_dn]
        # Fixed subject for the test intermediate CA; used by [req] when
        # CA_NAME is set to req_intermediate_dn.
     81 C  = US
     82 ST = California
     83 L  = Mountain View
     84 O  = Test CA
     85 CN = Test Intermediate CA
     86 
     87 [req_env_dn]
        # Subject with a single CN taken from the environment; this is the
        # section CA_NAME defaults to.
        # NOTE(review): CA_COMMON_NAME has no fallback among the defaults at the
        # top of this file, so it presumably must be exported before this
        # config is loaded -- confirm against the calling scripts.
     88 CN = $ENV::CA_COMMON_NAME
     89 
     90 [req_ca_exts]
        # Extensions for the certificate generated through [req], which names
        # this section in x509_extensions: a CA certificate whose key may only
        # sign certificates and CRLs.
        # NOTE(review): no pathlen is set, so the chain depth below this root
        # is unconstrained.
     91 basicConstraints       = critical, CA:true
     92 keyUsage               = critical, keyCertSign, cRLSign
     93 subjectKeyIdentifier   = hash
     94