54 lines
1.7 KiB
INI
54 lines
1.7 KiB
INI
[ ca ]
|
|
default_ca = CA_default # The default ca section
|
|
|
|
[ CA_default ]
|
|
dir = . # top dir
|
|
database = $dir/index.txt # index file.
|
|
new_certs_dir = $dir/certs # new certs dir
|
|
serial = $dir/serial # serial no file
|
|
RANDFILE = $dir/private/.rand # random number file
|
|
|
|
private_key = $dir/private/ca.key.pem# CA private key
|
|
certificate = $dir/ca.cert.pem # The CA cert
|
|
|
|
default_startdate = 19700101000000Z
|
|
default_enddate = 99991231235959Z
|
|
|
|
default_crl_days= 30 # how long before next CRL
|
|
|
|
default_md = sha256 # md to use
|
|
policy = policy_any # default policy
|
|
email_in_dn = no # Don't add the email into cert DN
|
|
name_opt = ca_default # Subject name display option
|
|
cert_opt = ca_default # Certificate display option
|
|
copy_extensions = none # Don't copy extensions from request
|
|
|
|
[ policy_any ]
|
|
organizationName = match
|
|
commonName = supplied
|
|
|
|
[ req ]
|
|
default_bits = 2048
|
|
distinguished_name = req_distinguished_name
|
|
x509_extensions = v3_leaf
|
|
encrypt_key = no
|
|
default_md = sha256
|
|
|
|
[ req_distinguished_name ]
|
|
commonName = Common Name (eg, YOUR name)
|
|
commonName_max = 64
|
|
|
|
[ v3_ca ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
basicConstraints = CA:TRUE
|
|
|
|
[ v3_inter ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
basicConstraints = CA:TRUE,pathlen:0
|
|
|
|
[ v3_leaf ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
basicConstraints = CA:FALSE
|