4 ####################################################################
6 distinguished_name = req_distinguished_name
10 [ req_distinguished_name ]
11 countryName = Country Name (2 letter code)
12 countryName_value = AU
13 organizationName = Organization Name (eg, company)
14 organizationName_value = Dodgy Brothers
15 commonName = Common Name (eg, YOUR name)
16 commonName_value = Dodgy CA
18 ####################################################################
20 distinguished_name = user_dn
27 organizationName = Dodgy Brothers
28 0.commonName = Brother 1
29 1.commonName = $ENV::CN2
32 subjectKeyIdentifier = hash
33 authorityKeyIdentifier = keyid,issuer:always
34 basicConstraints = CA:false
35 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
38 subjectKeyIdentifier = hash
39 authorityKeyIdentifier = keyid:always
40 basicConstraints = CA:false
41 keyUsage = nonRepudiation, digitalSignature
44 subjectKeyIdentifier = hash
45 authorityKeyIdentifier = keyid:always
46 basicConstraints = CA:false
47 keyUsage = nonRepudiation, digitalSignature, keyAgreement
49 ####################################################################
51 default_ca = CA_default
57 database = $dir/index.txt
58 new_certs_dir = $dir/newcerts
59 certificate = $dir/cacert.pem
62 private_key = $dir/private/cakey.pem
63 x509_extensions = v3_ca
70 policy = policy_anything
73 countryName = optional
74 stateOrProvinceName = optional
75 localityName = optional
76 organizationName = optional
77 organizationalUnitName = optional
79 emailAddress = optional
82 subjectKeyIdentifier = hash
83 authorityKeyIdentifier = keyid:always,issuer:always
84 basicConstraints = critical,CA:true,pathlen:1
85 keyUsage = cRLSign, keyCertSign
86 issuerAltName = issuer:copy