test/recipes/90-test_store_data/ca.cnf

   1 ####################################################################
   2 [ req ]
   3 default_bits            = 2432
   4 default_keyfile         = cakey.pem
   5 default_md              = sha256
   6 distinguished_name      = req_DN
   7 string_mask             = utf8only
   8 x509_extensions         = v3_selfsign
   9
  10 [ req_DN ]
  11 commonName                      = "Common Name"
  12 commonName_value              = "CA"
  13
  14 [ v3_selfsign ]
  15 basicConstraints = critical,CA:true
  16 keyUsage = keyCertSign
  17 subjectKeyIdentifier=hash
  18
  19 ####################################################################
  20 [ ca ]
  21 default_ca      = CA_default            # The default ca section
  22
  23 ####################################################################
  24 [ CA_default ]
  25
  26 dir             = ./demoCA
  27 certificate     = ./demoCA/cacert.pem
  28 serial          = ./demoCA/serial
  29 private_key     = ./demoCA/private/cakey.pem
  30 new_certs_dir   = ./demoCA/newcerts
  31
  32 certificate     = cacert.pem
  33 private_key     = cakey.pem
  34
  35 x509_extensions = v3_user
  36
  37 name_opt        = ca_default            # Subject Name options
  38 cert_opt        = ca_default            # Certificate field options
  39
  40 policy          = policy_anything
  41
  42 [ policy_anything ]
  43 countryName             = optional
  44 stateOrProvinceName     = optional
  45 localityName            = optional
  46 organizationName        = optional
  47 organizationalUnitName  = optional
  48 commonName              = supplied
  49 emailAddress            = optional
  50
  51 [ v3_user ]
  52 basicConstraints=critical,CA:FALSE
  53 subjectKeyIdentifier=hash
  54 authorityKeyIdentifier=keyid,issuer
  55 issuerAltName=issuer:copy
  56