Turn on TLSv1.3 downgrade protection by default
[openssl.git] / test / CAss.cnf
1 #
2 # SSLeay example configuration file.
3 # This is mostly being used for generation of certificate requests.
4 #
5
6 RANDFILE                = ./.rnd
7
8 ####################################################################
9 [ req ]
10 default_bits            = 2048
11 default_keyfile         = keySS.pem
12 distinguished_name      = req_distinguished_name
13 encrypt_rsa_key         = no
14 default_md              = sha1
15
16 [ req_distinguished_name ]
17 countryName                     = Country Name (2 letter code)
18 countryName_default             = AU
19 countryName_value               = AU
20
21 organizationName                = Organization Name (eg, company)
22 organizationName_value          = Dodgy Brothers
23
24 commonName                      = Common Name (eg, YOUR name)
25 commonName_value                = Dodgy CA
26
27 ####################################################################
28 [ ca ]
29 default_ca      = CA_default            # The default ca section
30
31 ####################################################################
32 [ CA_default ]
33
34 dir             = ./demoCA              # Where everything is kept
35 certs           = $dir/certs            # Where the issued certs are kept
36 crl_dir         = $dir/crl              # Where the issued crl are kept
37 database        = $dir/index.txt        # database index file.
38 #unique_subject = no                    # Set to 'no' to allow creation of
39                                         # several certificates with same subject.
40 new_certs_dir   = $dir/newcerts         # default place for new certs.
41
42 certificate     = $dir/cacert.pem       # The CA certificate
43 serial          = $dir/serial           # The current serial number
44 crl             = $dir/crl.pem          # The current CRL
45 private_key     = $dir/private/cakey.pem# The private key
46 RANDFILE        = $dir/private/.rand    # private random number file
47
48 x509_extensions = v3_ca                 # The extensions to add to the cert
49
50 name_opt        = ca_default            # Subject Name options
51 cert_opt        = ca_default            # Certificate field options
52
53 default_days    = 365                   # how long to certify for
54 default_crl_days= 30                    # how long before next CRL
55 default_md      = md5                   # which md to use.
56 preserve        = no                    # keep passed DN ordering
57
58 policy          = policy_anything
59
60 [ policy_anything ]
61 countryName             = optional
62 stateOrProvinceName     = optional
63 localityName            = optional
64 organizationName        = optional
65 organizationalUnitName  = optional
66 commonName              = supplied
67 emailAddress            = optional
68
69
70
71 [ v3_ca ]
72 subjectKeyIdentifier=hash
73 authorityKeyIdentifier=keyid:always,issuer:always
74 basicConstraints = critical,CA:true,pathlen:1
75 keyUsage = cRLSign, keyCertSign
76 issuerAltName=issuer:copy