#
-# SSLeay example configuration file.
+# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the cert
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = CryptSoft Pty Ltd
+#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
[ x509v3_extensions ]
-nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
+nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
nsComment = "This is a comment"
# under ASN.1, the 0 bit would be encoded as 80
#nsCertExt
#nsDataType
+[ v3_ca]
+
+# Extensions for a typical CA
+
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign
+
+