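# OpenSSL configuration (reconstructed from an annotated source listing; the
# per-line number/revision gutter has been dropped and one directive is kept
# per line). The subject names ("Dodgy Brothers", "Dodgy CA") suggest test
# fixture values -- presumably not meant for production issuance; confirm.

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

# Default-section variable. It is referenced below as $ENV::CN2; OpenSSL
# consults the process environment for ENV:: lookups and falls back to this
# default-section value when the environment variable is unset.
# NOTE(review): the subject CN can therefore be changed through the
# environment -- keep that environment under the operator's control.
CN2 = Brother 2

####################################################################
# Request settings for the CA's own certificate request.
[ req ]
distinguished_name = req_distinguished_name
# The generated private key is written without passphrase protection;
# its confidentiality then rests on file permissions alone.
encrypt_rsa_key = no
# NOTE(review): SHA-1 is no longer collision-resistant and is rejected by
# current verifiers for signatures. Presumably retained for the fixture;
# use sha256 or stronger anywhere the output is trusted.
default_md = sha1

# Prompt text plus a fixed *_value for each DN field.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = AU
organizationName = Organization Name (eg, company)
organizationName_value = Dodgy Brothers
commonName = Common Name (eg, YOUR name)
commonName_value = Dodgy CA

####################################################################
# Request settings for end-entity (user) certificate requests.
[ userreq ]
distinguished_name = user_dn
# As above: the user key is stored unencrypted.
encrypt_rsa_key = no
default_md = sha256
# With prompt = no the DN is taken verbatim from the section below.
prompt = no

[ user_dn ]
countryName = AU
organizationName = Dodgy Brothers
# The 0./1. prefixes allow two commonName attributes in one subject.
0.commonName = Brother 1
1.commonName = $ENV::CN2

# End-entity extensions. basicConstraints is CA:false but not marked
# critical in any of the three v3_ee* sections.
[ v3_ee ]
subjectKeyIdentifier = hash
# keyid is included when available; issuer name and serial always.
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Variant without keyEncipherment (section name suggests DSA keys, which
# can only sign -- confirm against the caller).
[ v3_ee_dsa ]
subjectKeyIdentifier = hash
# keyid:always makes issuance fail if the issuer key identifier is missing.
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature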
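
# End-entity extensions with keyAgreement (section name suggests EC keys --
# confirm against the caller). basicConstraints is CA:false, not critical.
[ v3_ee_ec ]
subjectKeyIdentifier = hash
# keyid:always makes issuance fail if the issuer key identifier is missing.
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyAgreement

####################################################################
# Settings for the "ca" command.
[ ca ]
default_ca = CA_default

[ CA_default ]
# All CA state lives under a path relative to the working directory, so the
# directory the command is run from decides which CA key and database are
# used.
dir = ./demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
# CA signing key; restrict read access to the account that operates the CA.
private_key = $dir/private/cakey.pem
# NOTE(review): the default extension section for issued certificates is
# v3_ca (CA:true). Unless the caller selects another section at issuance
# time, every certificate signed through this section is itself a CA
# certificate -- confirm that callers always override this.
x509_extensions = v3_ca
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days= 30
# NOTE(review): SHA-1 signatures are no longer collision-resistant and are
# rejected by current verifiers. Presumably retained for the fixture; use
# sha256 or stronger anywhere the output is trusted.
default_md = sha1
preserve = no
policy = policy_anything

# Only commonName is required; no field has to match the CA's own subject,
# so this policy places no constraint on whose requests get signed.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# CA certificate extensions.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# Critical CA:true with pathlen:1 permits one further CA level below this
# certificate before end-entity certificates.
basicConstraints = critical,CA:true,pathlen:1
# Limited to signing certificates and CRLs.
keyUsage = cRLSign, keyCertSign
issuerAltName = issuer:copy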