1*ebfedea0SLionel Sambuc# 2*ebfedea0SLionel Sambuc# SSLeay example configuration file. 3*ebfedea0SLionel Sambuc# This is mostly being used for generation of certificate requests. 4*ebfedea0SLionel Sambuc# 5*ebfedea0SLionel Sambuc 6*ebfedea0SLionel SambucRANDFILE = ./.rnd 7*ebfedea0SLionel Sambuc 8*ebfedea0SLionel Sambuc#################################################################### 9*ebfedea0SLionel Sambuc[ req ] 10*ebfedea0SLionel Sambucdefault_bits = 2048 11*ebfedea0SLionel Sambucdefault_keyfile = keySS.pem 12*ebfedea0SLionel Sambucdistinguished_name = req_distinguished_name 13*ebfedea0SLionel Sambucencrypt_rsa_key = no 14*ebfedea0SLionel Sambucdefault_md = sha1 15*ebfedea0SLionel Sambuc 16*ebfedea0SLionel Sambuc[ req_distinguished_name ] 17*ebfedea0SLionel SambuccountryName = Country Name (2 letter code) 18*ebfedea0SLionel SambuccountryName_default = AU 19*ebfedea0SLionel SambuccountryName_value = AU 20*ebfedea0SLionel Sambuc 21*ebfedea0SLionel SambucorganizationName = Organization Name (eg, company) 22*ebfedea0SLionel SambucorganizationName_value = Dodgy Brothers 23*ebfedea0SLionel Sambuc 24*ebfedea0SLionel SambuccommonName = Common Name (eg, YOUR name) 25*ebfedea0SLionel SambuccommonName_value = Dodgy CA 26*ebfedea0SLionel Sambuc 27*ebfedea0SLionel Sambuc#################################################################### 28*ebfedea0SLionel Sambuc[ ca ] 29*ebfedea0SLionel Sambucdefault_ca = CA_default # The default ca section 30*ebfedea0SLionel Sambuc 31*ebfedea0SLionel Sambuc#################################################################### 32*ebfedea0SLionel Sambuc[ CA_default ] 33*ebfedea0SLionel Sambuc 34*ebfedea0SLionel Sambucdir = ./demoCA # Where everything is kept 35*ebfedea0SLionel Sambuccerts = $dir/certs # Where the issued certs are kept 36*ebfedea0SLionel Sambuccrl_dir = $dir/crl # Where the issued crl are kept 37*ebfedea0SLionel Sambucdatabase = $dir/index.txt # database index file. 38*ebfedea0SLionel Sambuc#unique_subject = no # Set to 'no' to allow creation of 39*ebfedea0SLionel Sambuc # several ctificates with same subject. 40*ebfedea0SLionel Sambucnew_certs_dir = $dir/newcerts # default place for new certs. 41*ebfedea0SLionel Sambuc 42*ebfedea0SLionel Sambuccertificate = $dir/cacert.pem # The CA certificate 43*ebfedea0SLionel Sambucserial = $dir/serial # The current serial number 44*ebfedea0SLionel Sambuccrl = $dir/crl.pem # The current CRL 45*ebfedea0SLionel Sambucprivate_key = $dir/private/cakey.pem# The private key 46*ebfedea0SLionel SambucRANDFILE = $dir/private/.rand # private random number file 47*ebfedea0SLionel Sambuc 48*ebfedea0SLionel Sambucx509_extensions = v3_ca # The extentions to add to the cert 49*ebfedea0SLionel Sambuc 50*ebfedea0SLionel Sambucname_opt = ca_default # Subject Name options 51*ebfedea0SLionel Sambuccert_opt = ca_default # Certificate field options 52*ebfedea0SLionel Sambuc 53*ebfedea0SLionel Sambucdefault_days = 365 # how long to certify for 54*ebfedea0SLionel Sambucdefault_crl_days= 30 # how long before next CRL 55*ebfedea0SLionel Sambucdefault_md = md5 # which md to use. 56*ebfedea0SLionel Sambucpreserve = no # keep passed DN ordering 57*ebfedea0SLionel Sambuc 58*ebfedea0SLionel Sambucpolicy = policy_anything 59*ebfedea0SLionel Sambuc 60*ebfedea0SLionel Sambuc[ policy_anything ] 61*ebfedea0SLionel SambuccountryName = optional 62*ebfedea0SLionel SambucstateOrProvinceName = optional 63*ebfedea0SLionel SambuclocalityName = optional 64*ebfedea0SLionel SambucorganizationName = optional 65*ebfedea0SLionel SambucorganizationalUnitName = optional 66*ebfedea0SLionel SambuccommonName = supplied 67*ebfedea0SLionel SambucemailAddress = optional 68*ebfedea0SLionel Sambuc 69*ebfedea0SLionel Sambuc 70*ebfedea0SLionel Sambuc 71*ebfedea0SLionel Sambuc[ v3_ca ] 72*ebfedea0SLionel SambucsubjectKeyIdentifier=hash 73*ebfedea0SLionel SambucauthorityKeyIdentifier=keyid:always,issuer:always 74*ebfedea0SLionel SambucbasicConstraints = CA:true,pathlen:1 75*ebfedea0SLionel SambuckeyUsage = cRLSign, keyCertSign 76*ebfedea0SLionel SambucissuerAltName=issuer:copy 77