| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 |
- # OpenSSL configuration file for Suite B
- HOME = .
- RANDFILE = $ENV::HOME/.rnd
- oid_section = new_oids
- [ new_oids ]
- [ ca ]
- default_ca = CA_default
- [ CA_default ]
- dir = ./ec-ca
- certs = $dir/certs
- crl_dir = $dir/crl
- database = $dir/index.txt
- #unique_subject = no
- new_certs_dir = $dir/newcerts
- certificate = $dir/cacert.pem
- serial = $dir/serial
- crlnumber = $dir/crlnumber
- crl = $dir/crl.pem
- private_key = $dir/private/cakey.pem
- RANDFILE = $dir/private/.rand
- x509_extensions = ext_client
- name_opt = ca_default
- cert_opt = ca_default
- copy_extensions = copy
- default_days = 3650
- default_crl_days= 30
- default_md = default
- preserve = no
- policy = policy_match
- [ policy_match ]
- countryName = match
- stateOrProvinceName = optional
- organizationName = match
- organizationalUnitName = optional
- commonName = supplied
- #emailAddress = optional
- [ policy_anything ]
- countryName = optional
- stateOrProvinceName = optional
- localityName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- #emailAddress = optional
- [ req ]
- distinguished_name = req_distinguished_name
- attributes = req_attributes
- x509_extensions = v3_ca
- string_mask = utf8only
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
- countryName_default = FI
- countryName_min = 2
- countryName_max = 2
- localityName = Locality Name (eg, city)
- localityName_default = Helsinki
- 0.organizationName = Organization Name (eg, company)
- 0.organizationName_default = w1.fi
- commonName = Common Name (e.g. server FQDN or YOUR name)
- #@CN@
- commonName_max = 64
- [ req_attributes ]
- [ v3_ca ]
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid:always,issuer
- basicConstraints = critical, CA:true, pathlen:0
- keyUsage = critical, cRLSign, keyCertSign
- [ crl_ext ]
- # issuerAltName=issuer:copy
- authorityKeyIdentifier=keyid:always
- [ ext_client ]
- basicConstraints=CA:FALSE
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid,issuer
- #@ALTNAME@
- extendedKeyUsage = clientAuth
- keyUsage = digitalSignature, keyEncipherment
- [ ext_server ]
- basicConstraints=critical, CA:FALSE
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid,issuer
- #@ALTNAME@
- extendedKeyUsage = critical, serverAuth
- keyUsage = digitalSignature, keyEncipherment
|
