test/ca-and-certs.cnf

   1
   2 # Comment out the next line to ignore configuration errors
   3 config_diagnostics = 1
   4
   5 CN2 = Brother 2
   6
   7 ####################################################################
   8 [ req ]
   9 distinguished_name      = req_distinguished_name
  10 encrypt_rsa_key         = no
  11 default_md              = sha1
  12
  13 [ req_distinguished_name ]
  14 countryName                     = Country Name (2 letter code)
  15 countryName_value               = AU
  16 organizationName                = Organization Name (eg, company)
  17 organizationName_value          = Dodgy Brothers
  18 commonName                      = Common Name (eg, YOUR name)
  19 commonName_value                = Dodgy CA
  20
  21 ####################################################################
  22 [ userreq ]
  23 distinguished_name      = user_dn
  24 encrypt_rsa_key         = no
  25 default_md              = sha256
  26 prompt                  = no
  27
  28 [ user_dn ]
  29 countryName             = AU
  30 organizationName        = Dodgy Brothers
  31 0.commonName            = Brother 1
  32 1.commonName            = $ENV::CN2
  33
  34 [ v3_ee ]
  35 subjectKeyIdentifier    = hash
  36 authorityKeyIdentifier  = keyid,issuer:always
  37 basicConstraints        = CA:false
  38 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
  39
  40 [ v3_ee_dsa ]
  41 subjectKeyIdentifier    = hash
  42 authorityKeyIdentifier  = keyid:always
  43 basicConstraints        = CA:false
  44 keyUsage                = nonRepudiation, digitalSignature
  45
  46 [ v3_ee_ec ]
  47 subjectKeyIdentifier    = hash
  48 authorityKeyIdentifier  = keyid:always
  49 basicConstraints        = CA:false
  50 keyUsage                = nonRepudiation, digitalSignature, keyAgreement
  51
  52 ####################################################################
  53 [ ca ]
  54 default_ca      = CA_default
  55
  56 [ CA_default ]
  57 dir             = ./demoCA
  58 certs           = $dir/certs
  59 crl_dir         = $dir/crl
  60 database        = $dir/index.txt
  61 new_certs_dir   = $dir/newcerts
  62 certificate     = $dir/cacert.pem
  63 serial          = $dir/serial
  64 crl             = $dir/crl.pem
  65 private_key     = $dir/private/cakey.pem
  66 x509_extensions = v3_ca
  67 name_opt        = ca_default
  68 cert_opt        = ca_default
  69 default_days    = 365
  70 default_crl_days= 30
  71 default_md      = sha1
  72 preserve        = no
  73 policy          = policy_anything
  74
  75 [ policy_anything ]
  76 countryName             = optional
  77 stateOrProvinceName     = optional
  78 localityName            = optional
  79 organizationName        = optional
  80 organizationalUnitName  = optional
  81 commonName              = supplied
  82 emailAddress            = optional
  83
  84 [ v3_ca ]
  85 subjectKeyIdentifier    = hash
  86 authorityKeyIdentifier  = keyid:always,issuer:always
  87 basicConstraints        = critical,CA:true,pathlen:1
  88 keyUsage                = cRLSign, keyCertSign
  89 issuerAltName           = issuer:copy