2 # Comment out the next line to ignore configuration errors
7 ####################################################################
9 distinguished_name = req_distinguished_name
13 [ req_distinguished_name ]
14 countryName = Country Name (2 letter code)
15 countryName_value = AU
16 organizationName = Organization Name (eg, company)
17 organizationName_value = Dodgy Brothers
18 commonName = Common Name (eg, YOUR name)
19 commonName_value = Dodgy CA
21 ####################################################################
23 distinguished_name = user_dn
30 organizationName = Dodgy Brothers
31 0.commonName = Brother 1
32 1.commonName = $ENV::CN2
35 subjectKeyIdentifier = hash
36 authorityKeyIdentifier = keyid,issuer:always
37 basicConstraints = CA:false
38 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
41 subjectKeyIdentifier = hash
42 authorityKeyIdentifier = keyid:always
43 basicConstraints = CA:false
44 keyUsage = nonRepudiation, digitalSignature
47 subjectKeyIdentifier = hash
48 authorityKeyIdentifier = keyid:always
49 basicConstraints = CA:false
50 keyUsage = nonRepudiation, digitalSignature, keyAgreement
52 ####################################################################
54 default_ca = CA_default
60 database = $dir/index.txt
61 new_certs_dir = $dir/newcerts
62 certificate = $dir/cacert.pem
65 private_key = $dir/private/cakey.pem
66 x509_extensions = v3_ca
73 policy = policy_anything
76 countryName = optional
77 stateOrProvinceName = optional
78 localityName = optional
79 organizationName = optional
80 organizationalUnitName = optional
82 emailAddress = optional
85 subjectKeyIdentifier = hash
86 authorityKeyIdentifier = keyid:always,issuer:always
87 basicConstraints = critical,CA:true,pathlen:1
88 keyUsage = cRLSign, keyCertSign
89 issuerAltName = issuer:copy