sl@0: # sl@0: # SSLeay example configuration file. sl@0: # This is mostly being used for generation of certificate requests. sl@0: # sl@0: sl@0: RANDFILE = ./.rnd sl@0: sl@0: #################################################################### sl@0: [ req ] sl@0: default_bits = 512 sl@0: default_keyfile = keySS.pem sl@0: distinguished_name = req_distinguished_name sl@0: encrypt_rsa_key = no sl@0: default_md = sha1 sl@0: sl@0: [ req_distinguished_name ] sl@0: countryName = Country Name (2 letter code) sl@0: countryName_default = AU sl@0: countryName_value = AU sl@0: sl@0: organizationName = Organization Name (eg, company) sl@0: organizationName_value = Dodgy Brothers sl@0: sl@0: commonName = Common Name (eg, YOUR name) sl@0: commonName_value = Dodgy CA sl@0: sl@0: #################################################################### sl@0: [ ca ] sl@0: default_ca = CA_default # The default ca section sl@0: sl@0: #################################################################### sl@0: [ CA_default ] sl@0: sl@0: dir = ./demoCA # Where everything is kept sl@0: certs = $dir/certs # Where the issued certs are kept sl@0: crl_dir = $dir/crl # Where the issued crl are kept sl@0: database = $dir/index.txt # database index file. sl@0: #unique_subject = no # Set to 'no' to allow creation of sl@0: # several ctificates with same subject. sl@0: new_certs_dir = $dir/newcerts # default place for new certs. sl@0: sl@0: certificate = $dir/cacert.pem # The CA certificate sl@0: serial = $dir/serial # The current serial number sl@0: crl = $dir/crl.pem # The current CRL sl@0: private_key = $dir/private/cakey.pem# The private key sl@0: RANDFILE = $dir/private/.rand # private random number file sl@0: sl@0: x509_extensions = v3_ca # The extentions to add to the cert sl@0: sl@0: name_opt = ca_default # Subject Name options sl@0: cert_opt = ca_default # Certificate field options sl@0: sl@0: default_days = 365 # how long to certify for sl@0: default_crl_days= 30 # how long before next CRL sl@0: default_md = md5 # which md to use. sl@0: preserve = no # keep passed DN ordering sl@0: sl@0: policy = policy_anything sl@0: sl@0: [ policy_anything ] sl@0: countryName = optional sl@0: stateOrProvinceName = optional sl@0: localityName = optional sl@0: organizationName = optional sl@0: organizationalUnitName = optional sl@0: commonName = supplied sl@0: emailAddress = optional sl@0: sl@0: sl@0: sl@0: [ v3_ca ] sl@0: subjectKeyIdentifier=hash sl@0: authorityKeyIdentifier=keyid:always,issuer:always sl@0: basicConstraints = CA:true,pathlen:1 sl@0: keyUsage = cRLSign, keyCertSign sl@0: issuerAltName=issuer:copy