test/ca-and-certs.cnf

   1
   2 CN2 = Brother 2
   3
   4 ####################################################################
   5 [ req ]
   6 distinguished_name      = req_distinguished_name
   7 encrypt_rsa_key         = no
   8 default_md              = sha1
   9
  10 [ req_distinguished_name ]
  11 countryName                     = Country Name (2 letter code)
  12 countryName_value               = AU
  13 organizationName                = Organization Name (eg, company)
  14 organizationName_value          = Dodgy Brothers
  15 commonName                      = Common Name (eg, YOUR name)
  16 commonName_value                = Dodgy CA
  17
  18 ####################################################################
  19 [ userreq ]
  20 distinguished_name      = user_dn
  21 encrypt_rsa_key         = no
  22 default_md              = sha256
  23 prompt                  = no
  24
  25 [ user_dn ]
  26 countryName             = AU
  27 organizationName        = Dodgy Brothers
  28 0.commonName            = Brother 1
  29 1.commonName            = $ENV::CN2
  30
  31 [ v3_ee ]
  32 subjectKeyIdentifier    = hash
  33 authorityKeyIdentifier  = keyid,issuer:always
  34 basicConstraints        = CA:false
  35 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
  36
  37 [ v3_ee_dsa ]
  38 subjectKeyIdentifier    = hash
  39 authorityKeyIdentifier  = keyid:always
  40 basicConstraints        = CA:false
  41 keyUsage                = nonRepudiation, digitalSignature
  42
  43 [ v3_ee_ec ]
  44 subjectKeyIdentifier    = hash
  45 authorityKeyIdentifier  = keyid:always
  46 basicConstraints        = CA:false
  47 keyUsage                = nonRepudiation, digitalSignature, keyAgreement
  48
  49 ####################################################################
  50 [ ca ]
  51 default_ca      = CA_default
  52
  53 [ CA_default ]
  54 dir             = ./demoCA
  55 certs           = $dir/certs
  56 crl_dir         = $dir/crl
  57 database        = $dir/index.txt
  58 new_certs_dir   = $dir/newcerts
  59 certificate     = $dir/cacert.pem
  60 serial          = $dir/serial
  61 crl             = $dir/crl.pem
  62 private_key     = $dir/private/cakey.pem
  63 x509_extensions = v3_ca
  64 name_opt        = ca_default
  65 cert_opt        = ca_default
  66 default_days    = 365
  67 default_crl_days= 30
  68 default_md      = sha1
  69 preserve        = no
  70 policy          = policy_anything
  71
  72 [ policy_anything ]
  73 countryName             = optional
  74 stateOrProvinceName     = optional
  75 localityName            = optional
  76 organizationName        = optional
  77 organizationalUnitName  = optional
  78 commonName              = supplied
  79 emailAddress            = optional
  80
  81 [ v3_ca ]
  82 subjectKeyIdentifier    = hash
  83 authorityKeyIdentifier  = keyid:always,issuer:always
  84 basicConstraints        = critical,CA:true,pathlen:1
  85 keyUsage                = cRLSign, keyCertSign
  86 issuerAltName           = issuer:copy