Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame^] | 1 | ##================================================================
|
| 2 | ##============== Example OpenSSL configuration file ==============
|
| 3 | ##================================================================
|
| 4 |
|
| 5 | # References:
|
| 6 | #
|
| 7 | # /etc/ssl/openssl.conf
|
| 8 | # http://www.openssl.org/docs/apps/config.html
|
| 9 | # http://www.openssl.org/docs/apps/x509v3_config.html
|
| 10 |
|
| 11 | [ ca ]
|
| 12 | default_ca = my_ca
|
| 13 |
|
| 14 | [ my_ca ]
|
| 15 | certificate = test-ca.crt
|
| 16 | private_key = test-ca.key
|
| 17 | database = index
|
| 18 | serial = serial
|
| 19 |
|
| 20 | new_certs_dir = newcerts
|
| 21 | default_crl_days = 60
|
| 22 | default_days = 730
|
| 23 | default_md = sha1
|
| 24 | policy = my_policy
|
| 25 | x509_extensions = v3_usr
|
| 26 |
|
| 27 | [ my_policy ]
|
| 28 | countryName = optional
|
| 29 | stateOrProvinceName = optional
|
| 30 | organizationName = match
|
| 31 | organizationalUnitName = optional
|
| 32 | commonName = supplied
|
| 33 | emailAddress = optional
|
| 34 |
|
| 35 | [ req ]
|
| 36 | distinguished_name = my_req_dn
|
| 37 | x509_extensions = v3_ca
|
| 38 |
|
| 39 | [ my_req_dn ]
|
| 40 | countryName = Country Name..............
|
| 41 | countryName_min = 2
|
| 42 | countryName_max = 2
|
| 43 | stateOrProvinceName = State or Province Name....
|
| 44 | localityName = Locality Name.............
|
| 45 | 0.organizationName = Organization Name.........
|
| 46 | organizationalUnitName = Org. Unit Name............
|
| 47 | commonName = Common Name (required)....
|
| 48 | commonName_max = 64
|
| 49 | emailAddress = Email Address.............
|
| 50 | emailAddress_max = 64
|
| 51 |
|
| 52 | [ v3_ca ]
|
| 53 | basicConstraints = CA:TRUE
|
| 54 | subjectKeyIdentifier = hash
|
| 55 | authorityKeyIdentifier = keyid:always,issuer:always
|
| 56 |
|
| 57 | [ v3_usr ]
|
| 58 | basicConstraints = CA:FALSE
|
| 59 | subjectKeyIdentifier = hash
|
| 60 | authorityKeyIdentifier = keyid,issuer
|