1 ####################################################################
4 default_keyfile = cakey.pem
6 distinguished_name = req_DN
8 x509_extensions = v3_selfsign
11 commonName = "Common Name"
12 commonName_value = "CA"
15 basicConstraints = critical,CA:true
16 keyUsage = keyCertSign
17 subjectKeyIdentifier=hash
19 ####################################################################
21 default_ca = CA_default # The default ca section
23 ####################################################################
27 certificate = ./demoCA/cacert.pem
28 serial = ./demoCA/serial
29 private_key = ./demoCA/private/cakey.pem
30 new_certs_dir = ./demoCA/newcerts
32 certificate = cacert.pem
33 private_key = cakey.pem
35 x509_extensions = v3_user
37 name_opt = ca_default # Subject Name options
38 cert_opt = ca_default # Certificate field options
40 policy = policy_anything
43 countryName = optional
44 stateOrProvinceName = optional
45 localityName = optional
46 organizationName = optional
47 organizationalUnitName = optional
49 emailAddress = optional
52 basicConstraints=critical,CA:FALSE
53 subjectKeyIdentifier=hash
54 authorityKeyIdentifier=keyid,issuer
55 issuerAltName=issuer:copy