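# Defaults in the event they're not set in the environment.
# Every name below is read elsewhere in this file as $ENV::<name>. OpenSSL's
# config loader takes the value from the process environment when it is set
# and falls back to these default-section values otherwise, so they must
# stay above the first section header.
# (The viewer's line-number gutter that was fused onto each line has been
# removed here; with it, no key or section name would match.)

# Directory that receives the CA database, serial file, certificate and key
# (see [CA_root]).
CA_DIR    = out
# Key size in bits; feeds default_bits in [req] and the output file name.
KEY_SIZE  = 2048
# Only used to build the output file name ($type in [CA_root]). The digest
# applied in this file is the fixed default_md = sha256 in [CA_root] and
# [req], so changing ALGO alone renames files without changing the hash.
ALGO      = sha256
# Label for the kind of certificate; also only part of the file name.
CERT_TYPE = root
# Name of the distinguished_name section that [req] uses. This file defines
# req_env_dn, req_ca_dn and req_intermediate_dn.
CA_NAME   = req_env_dn
# Common name substituted into [req_env_dn].
CA_COMMON_NAME = Test Root CA
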
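[ca]
# Section consulted by `openssl ca`; default_ca names the CA definition used
# when none is chosen on the command line.
default_ca = CA_root
# Keep the subject DN in the order given by the request rather than the
# order of the policy section. Per the openssl-ca documentation this also
# retains DN attributes the policy section does not list, so the issued
# subject is whatever the request carried.
preserve   = yes
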
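# The default test root, used to generate certificates and CRLs.
[CA_root]
# Helper variables, not `openssl ca` options: they exist only so the paths
# below can be expanded. A variable has to be defined before the line that
# references it, so keep these five lines first and in this order.
dir           = $ENV::CA_DIR
key_size      = $ENV::KEY_SIZE
algo          = $ENV::ALGO
cert_type     = $ENV::CERT_TYPE
type          = $key_size-$algo-$cert_type
# Issued-certificate index, output directory for new certificates, and the
# next-serial file. All state lives under $dir.
database      = $dir/$type-index.txt
new_certs_dir = $dir
serial        = $dir/$type-serial
# CA certificate and its signing key. [req] sets encrypt_key = no, so a key
# generated with this file is stored unencrypted; access to $dir is the
# only protection for it.
certificate   = $dir/$type.pem
private_key   = $dir/$type.key
# Random seed file.
RANDFILE      = $dir/.rand
# Validity of every certificate signed by this CA, in days (about ten
# years), applied to end-entity and CA certificates alike.
default_days     = 3650
# Days until the next CRL is due.
default_crl_days = 30
# Digest used for signing; fixed here and not derived from $algo.
default_md       = sha256
# [policy_anything] makes every subject field optional, so no field is
# required and none is matched against the CA's own DN.
policy           = policy_anything
# Allow several valid certificates with the same subject.
unique_subject   = no
# Copy extensions from the request into the certificate when the chosen
# extension section does not already set them. [user_cert] and [ca_cert]
# pin basicConstraints, so a request cannot change that one, but anything
# they leave unset (for example subjectAltName, or keyUsage on [user_cert])
# is taken from the request as-is. Together with the permissive policy this
# suits a test CA whose requests are generated locally; inspect requests
# from any other source before signing them.
copy_extensions  = copy
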
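[user_cert]
# Extensions to add when signing a request for an EE cert
# Nothing in this file names this section via x509_extensions; presumably
# the caller selects it with -extensions -- confirm against the scripts.
# CA:false marked critical, so the certificate cannot act as an issuer.
basicConstraints       = critical, CA:false
subjectKeyIdentifier   = hash
# keyid:always makes signing fail if the issuer certificate has no subject
# key identifier to copy from.
authorityKeyIdentifier = keyid:always
# Valid for both TLS server and TLS client authentication. keyUsage is not
# set here, so with copy_extensions = copy in [CA_root] a keyUsage in the
# request would be carried over unchanged.
extendedKeyUsage       = serverAuth,clientAuth
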
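[ca_cert]
# Extensions to add when signing a request for an intermediate/CA cert
# CA:true carries no pathlen, so the depth of the chain below a certificate
# issued with this section is not limited by basicConstraints.
basicConstraints       = critical, CA:true
subjectKeyIdentifier   = hash
# Left disabled by the author; the file gives no reason. NOTE(review):
# intermediates issued with this section carry no authority key identifier
# -- confirm that is intended.
#authorityKeyIdentifier = keyid:always
# Restrict the key to signing certificates and CRLs.
keyUsage               = critical, keyCertSign, cRLSign
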
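[crl_extensions]
# Extensions to add when signing a CRL
# [CA_root] has no crl_extensions key pointing here; presumably the caller
# selects this section with -crlexts -- confirm against the scripts.
# Identifies the issuing key so a verifier can pick the right CA for the CRL.
authorityKeyIdentifier = keyid:always
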
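[policy_anything]
# Default signing policy
# Every field is optional: a request may include or omit any of them, and
# none has to match the CA's own DN. The CA therefore places no constraint
# on the subject it signs.
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = optional
emailAddress           = optional
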
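[req]
# The request section used to generate the root CA certificate. This should
# not be used to generate end-entity certificates. For certificates other
# than the root CA, see README to find the appropriate configuration file
# (ie: openssl_cert.cnf).
# Size in bits of a newly generated key.
default_bits       = $ENV::KEY_SIZE
# Digest used to sign the request or self-signed certificate.
default_md         = sha256
# Encode DN strings as UTF8String only.
string_mask        = utf8only
# Take the DN from the section named below instead of prompting.
prompt             = no
# Write the generated private key without a passphrase. The CA key then
# sits on disk unencrypted, so the output directory's permissions are the
# only protection for it.
encrypt_key        = no
# DN section chosen through CA_NAME: req_env_dn by default, or one of
# req_ca_dn / req_intermediate_dn.
distinguished_name = $ENV::CA_NAME
# Extensions placed in the certificate when `openssl req -x509` produces a
# self-signed certificate.
x509_extensions    = req_ca_exts
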
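# Fixed subject for the test root CA; used when CA_NAME is set to req_ca_dn.
[req_ca_dn]
C  = US
ST = California
L  = Mountain View
O  = Test CA
CN = Test Root CA
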
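# Fixed subject for the test intermediate CA; used when CA_NAME is set to
# req_intermediate_dn. Identical to [req_ca_dn] apart from the CN.
[req_intermediate_dn]
C  = US
ST = California
L  = Mountain View
O  = Test CA
CN = Test Intermediate CA
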
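# Subject holding only a common name, taken from CA_COMMON_NAME (environment
# first, then the default at the top of this file). This is the DN section
# [req] uses when CA_NAME is left at its default.
[req_env_dn]
CN = $ENV::CA_COMMON_NAME
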
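# Extensions for the self-signed root, referenced by x509_extensions in [req].
[req_ca_exts]
# Marks the certificate as a CA; no pathlen is set, so chain depth below
# the root is unconstrained.
basicConstraints       = critical, CA:true
# Restrict the root key to signing certificates and CRLs.
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
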