test/CAss.cnf

   1 #
   2 # SSLeay example configuration file.
   3 # This is mostly being used for generation of certificate requests.
   4 #
   5
   6 ####################################################################
   7 [ req ]
   8 default_bits            = 2048
   9 default_keyfile         = keySS.pem
  10 distinguished_name      = req_distinguished_name
  11 encrypt_rsa_key         = no
  12 default_md              = sha1
  13
  14 [ req_distinguished_name ]
  15 countryName                     = Country Name (2 letter code)
  16 countryName_default             = AU
  17 countryName_value               = AU
  18
  19 organizationName                = Organization Name (eg, company)
  20 organizationName_value          = Dodgy Brothers
  21
  22 commonName                      = Common Name (eg, YOUR name)
  23 commonName_value                = Dodgy CA
  24
  25 ####################################################################
  26 [ ca ]
  27 default_ca      = CA_default            # The default ca section
  28
  29 ####################################################################
  30 [ CA_default ]
  31
  32 dir             = ./demoCA              # Where everything is kept
  33 certs           = $dir/certs            # Where the issued certs are kept
  34 crl_dir         = $dir/crl              # Where the issued crl are kept
  35 database        = $dir/index.txt        # database index file.
  36 #unique_subject = no                    # Set to 'no' to allow creation of
  37                                         # several certificates with same subject.
  38 new_certs_dir   = $dir/newcerts         # default place for new certs.
  39
  40 certificate     = $dir/cacert.pem       # The CA certificate
  41 serial          = $dir/serial           # The current serial number
  42 crl             = $dir/crl.pem          # The current CRL
  43 private_key     = $dir/private/cakey.pem# The private key
  44
  45 x509_extensions = v3_ca                 # The extensions to add to the cert
  46
  47 name_opt        = ca_default            # Subject Name options
  48 cert_opt        = ca_default            # Certificate field options
  49
  50 default_days    = 365                   # how long to certify for
  51 default_crl_days= 30                    # how long before next CRL
  52 default_md      = md5                   # which md to use.
  53 preserve        = no                    # keep passed DN ordering
  54
  55 policy          = policy_anything
  56
  57 [ policy_anything ]
  58 countryName             = optional
  59 stateOrProvinceName     = optional
  60 localityName            = optional
  61 organizationName        = optional
  62 organizationalUnitName  = optional
  63 commonName              = supplied
  64 emailAddress            = optional
  65
  66
  67
  68 [ v3_ca ]
  69 subjectKeyIdentifier=hash
  70 authorityKeyIdentifier=keyid:always,issuer:always
  71 basicConstraints = critical,CA:true,pathlen:1
  72 keyUsage = cRLSign, keyCertSign
  73 issuerAltName=issuer:copy