1CA_DIR=out 2CA_NAME=aia-test-root 3AIA_URL=http://aia-test.invalid 4 5[ca] 6default_ca = CA_root 7preserve = yes 8 9[CA_root] 10dir = ${ENV::CA_DIR} 11key_size = 2048 12algo = sha1 13database = $dir/${ENV::CA_NAME}-index.txt 14new_certs_dir = $dir 15serial = $dir/${ENV::CA_NAME}-serial 16certificate = $dir/${ENV::CA_NAME}.pem 17private_key = $dir/${ENV::CA_NAME}.key 18RANDFILE = $dir/.rand 19default_days = 3650 20default_crl_days = 30 21default_md = sha1 22policy = policy_anything 23unique_subject = no 24copy_extensions = copy 25 26[user_cert] 27basicConstraints = critical, CA:false 28extendedKeyUsage = serverAuth, clientAuth 29authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL} 30 31[ca_cert] 32basicConstraints = critical, CA:true 33keyUsage = critical, keyCertSign, cRLSign 34 35[policy_anything] 36# Default signing policy 37countryName = optional 38stateOrProvinceName = optional 39localityName = optional 40organizationName = optional 41organizationalUnitName = optional 42commonName = optional 43emailAddress = optional 44 45[req] 46default_bits = 2048 47default_md = sha1 48string_mask = utf8only 49prompt = no 50encrypt_key = no 51distinguished_name = req_env_dn 52 53[req_env_dn] 54CN = ${ENV::CA_COMMON_NAME} 55 56