test/CAss.cnf

   1 #
   2 # SSLeay example configuration file.
   3 # This is mostly being used for generation of certificate requests.
   4 #
   5
   6 RANDFILE                = ./.rnd
   7
   8 ####################################################################
   9 [ req ]
  10 default_bits            = 2048
  11 default_keyfile         = keySS.pem
  12 distinguished_name      = req_distinguished_name
  13 encrypt_rsa_key         = no
  14 default_md              = sha1
  15
  16 [ req_distinguished_name ]
  17 countryName                     = Country Name (2 letter code)
  18 countryName_default             = AU
  19 countryName_value               = AU
  20
  21 organizationName                = Organization Name (eg, company)
  22 organizationName_value          = Dodgy Brothers
  23
  24 commonName                      = Common Name (eg, YOUR name)
  25 commonName_value                = Dodgy CA
  26
  27 ####################################################################
  28 [ ca ]
  29 default_ca      = CA_default            # The default ca section
  30
  31 ####################################################################
  32 [ CA_default ]
  33
  34 dir             = ./demoCA              # Where everything is kept
  35 certs           = $dir/certs            # Where the issued certs are kept
  36 crl_dir         = $dir/crl              # Where the issued crl are kept
  37 database        = $dir/index.txt        # database index file.
  38 #unique_subject = no                    # Set to 'no' to allow creation of
  39                                         # several certificates with same subject.
  40 new_certs_dir   = $dir/newcerts         # default place for new certs.
  41
  42 certificate     = $dir/cacert.pem       # The CA certificate
  43 serial          = $dir/serial           # The current serial number
  44 crl             = $dir/crl.pem          # The current CRL
  45 private_key     = $dir/private/cakey.pem# The private key
  46 RANDFILE        = $dir/private/.rand    # private random number file
  47
  48 x509_extensions = v3_ca                 # The extensions to add to the cert
  49
  50 name_opt        = ca_default            # Subject Name options
  51 cert_opt        = ca_default            # Certificate field options
  52
  53 default_days    = 365                   # how long to certify for
  54 default_crl_days= 30                    # how long before next CRL
  55 default_md      = md5                   # which md to use.
  56 preserve        = no                    # keep passed DN ordering
  57
  58 policy          = policy_anything
  59
  60 [ policy_anything ]
  61 countryName             = optional
  62 stateOrProvinceName     = optional
  63 localityName            = optional
  64 organizationName        = optional
  65 organizationalUnitName  = optional
  66 commonName              = supplied
  67 emailAddress            = optional
  68
  69
  70
  71 [ v3_ca ]
  72 subjectKeyIdentifier=hash
  73 authorityKeyIdentifier=keyid:always,issuer:always
  74 basicConstraints = critical,CA:true,pathlen:1
  75 keyUsage = cRLSign, keyCertSign
  76 issuerAltName=issuer:copy