test/CAss.cnf

   1
   2 ####################################################################
   3 [ req ]
   4 default_bits            = 2048
   5 default_keyfile         = keySS.pem
   6 distinguished_name      = req_distinguished_name
   7 encrypt_rsa_key         = no
   8 default_md              = sha1
   9
  10 [ req_distinguished_name ]
  11 countryName                     = Country Name (2 letter code)
  12 countryName_default             = AU
  13 countryName_value               = AU
  14
  15 organizationName                = Organization Name (eg, company)
  16 organizationName_value          = Dodgy Brothers
  17
  18 commonName                      = Common Name (eg, YOUR name)
  19 commonName_value                = Dodgy CA
  20
  21 ####################################################################
  22 [ ca ]
  23 default_ca      = CA_default            # The default ca section
  24
  25 ####################################################################
  26 [ CA_default ]
  27
  28 dir             = ./demoCA              # Where everything is kept
  29 certs           = $dir/certs            # Where the issued certs are kept
  30 crl_dir         = $dir/crl              # Where the issued crl are kept
  31 database        = $dir/index.txt        # database index file.
  32 #unique_subject = no                    # Set to 'no' to allow creation of
  33                                         # several certificates with same subject.
  34 new_certs_dir   = $dir/newcerts         # default place for new certs.
  35
  36 certificate     = $dir/cacert.pem       # The CA certificate
  37 serial          = $dir/serial           # The current serial number
  38 crl             = $dir/crl.pem          # The current CRL
  39 private_key     = $dir/private/cakey.pem# The private key
  40
  41 x509_extensions = v3_ca                 # The extensions to add to the cert
  42
  43 name_opt        = ca_default            # Subject Name options
  44 cert_opt        = ca_default            # Certificate field options
  45
  46 default_days    = 365                   # how long to certify for
  47 default_crl_days= 30                    # how long before next CRL
  48 default_md      = md5                   # which md to use.
  49 preserve        = no                    # keep passed DN ordering
  50
  51 policy          = policy_anything
  52
  53 [ policy_anything ]
  54 countryName             = optional
  55 stateOrProvinceName     = optional
  56 localityName            = optional
  57 organizationName        = optional
  58 organizationalUnitName  = optional
  59 commonName              = supplied
  60 emailAddress            = optional
  61
  62
  63
  64 [ v3_ca ]
  65 subjectKeyIdentifier=hash
  66 authorityKeyIdentifier=keyid:always,issuer:always
  67 basicConstraints = critical,CA:true,pathlen:1
  68 keyUsage = cRLSign, keyCertSign
  69 issuerAltName=issuer:copy