|
sl@0
|
1 |
#
|
|
sl@0
|
2 |
# SSLeay example configuration file.
|
|
sl@0
|
3 |
# This is mostly being used for generation of certificate requests.
|
|
sl@0
|
4 |
#
|
|
sl@0
|
5 |
|
|
sl@0
|
6 |
RANDFILE = ./.rnd
|
|
sl@0
|
7 |
|
|
sl@0
|
8 |
####################################################################
|
|
sl@0
|
9 |
[ req ]
|
|
sl@0
|
10 |
default_bits = 512
|
|
sl@0
|
11 |
default_keyfile = keySS.pem
|
|
sl@0
|
12 |
distinguished_name = req_distinguished_name
|
|
sl@0
|
13 |
encrypt_rsa_key = no
|
|
sl@0
|
14 |
default_md = sha1
|
|
sl@0
|
15 |
|
|
sl@0
|
16 |
[ req_distinguished_name ]
|
|
sl@0
|
17 |
countryName = Country Name (2 letter code)
|
|
sl@0
|
18 |
countryName_default = AU
|
|
sl@0
|
19 |
countryName_value = AU
|
|
sl@0
|
20 |
|
|
sl@0
|
21 |
organizationName = Organization Name (eg, company)
|
|
sl@0
|
22 |
organizationName_value = Dodgy Brothers
|
|
sl@0
|
23 |
|
|
sl@0
|
24 |
commonName = Common Name (eg, YOUR name)
|
|
sl@0
|
25 |
commonName_value = Dodgy CA
|
|
sl@0
|
26 |
|
|
sl@0
|
27 |
####################################################################
|
|
sl@0
|
28 |
[ ca ]
|
|
sl@0
|
29 |
default_ca = CA_default # The default ca section
|
|
sl@0
|
30 |
|
|
sl@0
|
31 |
####################################################################
|
|
sl@0
|
32 |
[ CA_default ]
|
|
sl@0
|
33 |
|
|
sl@0
|
34 |
dir = ./demoCA # Where everything is kept
|
|
sl@0
|
35 |
certs = $dir/certs # Where the issued certs are kept
|
|
sl@0
|
36 |
crl_dir = $dir/crl # Where the issued crl are kept
|
|
sl@0
|
37 |
database = $dir/index.txt # database index file.
|
|
sl@0
|
38 |
#unique_subject = no # Set to 'no' to allow creation of
|
|
sl@0
|
39 |
# several ctificates with same subject.
|
|
sl@0
|
40 |
new_certs_dir = $dir/newcerts # default place for new certs.
|
|
sl@0
|
41 |
|
|
sl@0
|
42 |
certificate = $dir/cacert.pem # The CA certificate
|
|
sl@0
|
43 |
serial = $dir/serial # The current serial number
|
|
sl@0
|
44 |
crl = $dir/crl.pem # The current CRL
|
|
sl@0
|
45 |
private_key = $dir/private/cakey.pem# The private key
|
|
sl@0
|
46 |
RANDFILE = $dir/private/.rand # private random number file
|
|
sl@0
|
47 |
|
|
sl@0
|
48 |
x509_extensions = v3_ca # The extentions to add to the cert
|
|
sl@0
|
49 |
|
|
sl@0
|
50 |
name_opt = ca_default # Subject Name options
|
|
sl@0
|
51 |
cert_opt = ca_default # Certificate field options
|
|
sl@0
|
52 |
|
|
sl@0
|
53 |
default_days = 365 # how long to certify for
|
|
sl@0
|
54 |
default_crl_days= 30 # how long before next CRL
|
|
sl@0
|
55 |
default_md = md5 # which md to use.
|
|
sl@0
|
56 |
preserve = no # keep passed DN ordering
|
|
sl@0
|
57 |
|
|
sl@0
|
58 |
policy = policy_anything
|
|
sl@0
|
59 |
|
|
sl@0
|
60 |
[ policy_anything ]
|
|
sl@0
|
61 |
countryName = optional
|
|
sl@0
|
62 |
stateOrProvinceName = optional
|
|
sl@0
|
63 |
localityName = optional
|
|
sl@0
|
64 |
organizationName = optional
|
|
sl@0
|
65 |
organizationalUnitName = optional
|
|
sl@0
|
66 |
commonName = supplied
|
|
sl@0
|
67 |
emailAddress = optional
|
|
sl@0
|
68 |
|
|
sl@0
|
69 |
|
|
sl@0
|
70 |
|
|
sl@0
|
71 |
[ v3_ca ]
|
|
sl@0
|
72 |
subjectKeyIdentifier=hash
|
|
sl@0
|
73 |
authorityKeyIdentifier=keyid:always,issuer:always
|
|
sl@0
|
74 |
basicConstraints = CA:true,pathlen:1
|
|
sl@0
|
75 |
keyUsage = cRLSign, keyCertSign
|
|
sl@0
|
76 |
issuerAltName=issuer:copy
|