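# OpenSSL-style configuration: a CA section ([CA_root]), three extension
# profiles ([user_cert], [ca_cert], [intermediate_cert]), a signing policy and
# a request template ([req]).
#
# Review summary:
#   - Signature digest raised from sha1 to sha256 (default_md in [CA_root] and
#     [req], plus algo). SHA-1 signatures are deprecated, and current verifiers
#     reject certificates signed with them.
#   - The example OIDs (1.2.3.4 ...), the permissive policy and the unencrypted
#     keys suggest a test fixture. Confirm before reusing any of this for a CA
#     whose certificates are trusted outside a test environment.

# Fallback values for the ${ENV::CA_DIR} / ${ENV::CA_NAME} expansions below.
# OpenSSL uses these default-section values when the environment variable is
# not set, so they must stay above the first expansion.
CA_DIR = out
CA_NAME = policy-root

[ca]
default_ca = CA_root
# Keep the subject DN order as it appears in the request.
preserve = yes

[CA_root]
dir = ${ENV::CA_DIR}
# NOTE(review): key_size and algo are not options documented for `openssl ca`;
# presumably a wrapper script reads them. Confirm. algo is kept in step with
# default_md.
key_size = 2048
algo = sha256
database = $dir/${ENV::CA_NAME}-index.txt
new_certs_dir = $dir
serial = $dir/${ENV::CA_NAME}-serial
certificate = $dir/${ENV::CA_NAME}.pem
# The CA private key sits in the same directory as the issued certificates.
# With encrypt_key = no in [req], file permissions are its only protection.
private_key = $dir/${ENV::CA_NAME}.key
RANDFILE = $dir/.rand
# Issued certificates are valid for 3650 days; CRLs for 30 days.
default_days = 3650
default_crl_days = 30
# Was sha1.
default_md = sha256
policy = policy_anything
# Several index entries may share one subject.
unique_subject = no
# Extensions in the CSR that the selected profile does not set are copied into
# the certificate. This is safe only when every CSR comes from a trusted
# source: a profile without basicConstraints would let a request supply its
# own CA:true.
copy_extensions = copy

[user_cert]
# End-entity profile. basicConstraints is set here, so copy_extensions cannot
# replace it with a value from the CSR.
basicConstraints = critical, CA:false
extendedKeyUsage = serverAuth, clientAuth
certificatePolicies = 1.2.3.4

[ca_cert]
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, keyCertSign, cRLSign

[intermediate_cert]
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, keyCertSign, cRLSign
# requireExplicitPolicy:0 requires an acceptable policy for the path from this
# certificate onward.
# NOTE(review): RFC 5280 says conforming CAs mark policyConstraints critical.
# It is non-critical here and left unchanged in case that is intentional.
policyConstraints = requireExplicitPolicy:0
certificatePolicies = 1.2.3.4, 1.2.3.4.5, 1.2.3.5

[policy_anything]
# Default signing policy. Every subject field is optional, so the CA places no
# constraint on the DN a request asks for.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

[req]
default_bits = 2048
# Was sha1.
default_md = sha256
string_mask = utf8only
prompt = no
# Generated private keys are written without a passphrase.
encrypt_key = no
distinguished_name = req_env_dn

[req_env_dn]
# No fallback is defined for COMMON_NAME, so it must be set in the environment
# or the file fails to load.
CN = ${ENV::COMMON_NAME}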