Codebase list openssl / scrub-obsolete/main test / ca-and-certs.cnf
scrub-obsolete/main

Tree @scrub-obsolete/main (Download .tar.gz)

ca-and-certs.cnf @scrub-obsolete/mainraw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# Comment out the next line to ignore configuration errors
config_diagnostics = 1

CN2 = Brother 2

####################################################################
[ req ]
distinguished_name	= req_distinguished_name
encrypt_rsa_key		= no
default_md		= sha1

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_value		= AU
organizationName		= Organization Name (eg, company)
organizationName_value		= Dodgy Brothers
commonName			= Common Name (eg, YOUR name)
commonName_value		= Dodgy CA

####################################################################
[ userreq ]
distinguished_name	= user_dn
encrypt_rsa_key		= no
default_md		= sha256
prompt			= no

[ user_dn ]
countryName		= AU
organizationName	= Dodgy Brothers
0.commonName		= Brother 1
1.commonName		= $ENV::CN2

[ v3_ee ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid,issuer:always
basicConstraints 	= CA:false
keyUsage		= nonRepudiation, digitalSignature, keyEncipherment

[ v3_ee_dsa ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid:always
basicConstraints	= CA:false
keyUsage		= nonRepudiation, digitalSignature

[ v3_ee_ec ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid:always
basicConstraints	= CA:false
keyUsage		= nonRepudiation, digitalSignature, keyAgreement

####################################################################
[ ca ]
default_ca	= CA_default

[ CA_default ]
dir		= ./demoCA
certs		= $dir/certs
crl_dir		= $dir/crl
database	= $dir/index.txt
new_certs_dir	= $dir/newcerts
certificate	= $dir/cacert.pem
serial		= $dir/serial
crl		= $dir/crl.pem
private_key	= $dir/private/cakey.pem
x509_extensions	= v3_ca
name_opt 	= ca_default
cert_opt 	= ca_default
default_days	= 365
default_crl_days= 30
default_md	= sha1
preserve	= no
policy		= policy_anything

[ policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

[ v3_ca ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid:always,issuer:always
basicConstraints 	= critical,CA:true,pathlen:1
keyUsage		= cRLSign, keyCertSign
issuerAltName		= issuer:copy