      1 CA_DIR=out
      2 CA_NAME=aia-test-root
      3 AIA_URL=http://aia-test.invalid
      4 
      5 [ca]
      6 default_ca = CA_root
      7 preserve   = yes
      8 
      9 [CA_root]
     10 dir           = ${ENV::CA_DIR}
     11 key_size      = 2048
     12 algo          = sha256
     13 database      = $dir/${ENV::CA_NAME}-index.txt
     14 new_certs_dir = $dir
     15 serial        = $dir/${ENV::CA_NAME}-serial
     16 certificate   = $dir/${ENV::CA_NAME}.pem
     17 private_key   = $dir/${ENV::CA_NAME}.key
     18 RANDFILE      = $dir/.rand
     19 default_days     = 3650
     20 default_crl_days = 30
     21 default_md       = sha256
     22 policy           = policy_anything
     23 unique_subject   = no
     24 copy_extensions  = copy
     25 
     26 [user_cert]
     27 basicConstraints       = critical, CA:false
     28 extendedKeyUsage       = serverAuth, clientAuth
     29 authorityInfoAccess    = caIssuers;URI:${ENV::AIA_URL}
     30 
     31 [ca_cert]
     32 basicConstraints       = critical, CA:true
     33 keyUsage               = critical, keyCertSign, cRLSign
     34 
     35 [policy_anything]
     36 # Default signing policy
     37 countryName            = optional
     38 stateOrProvinceName    = optional
     39 localityName           = optional
     40 organizationName       = optional
     41 organizationalUnitName = optional
     42 commonName             = optional
     43 emailAddress           = optional
     44 
     45 [req]
     46 default_bits       = 2048
     47 default_md         = sha256
     48 string_mask        = utf8only
     49 prompt             = no
     50 encrypt_key        = no
     51 distinguished_name = req_env_dn
     52 
     53 [req_env_dn]
     54 CN = ${ENV::CA_COMMON_NAME}
     55 
     56