|
|
@@ -0,0 +1,78 @@ |
|
|
|
|
|
|
|
dir = . |
|
|
|
|
|
|
|
[ ca ] |
|
|
|
default_ca = CA_default |
|
|
|
|
|
|
|
[ CA_default ] |
|
|
|
serial = $dir/serial |
|
|
|
database = $dir/certindex.txt |
|
|
|
new_certs_dir = $dir/certs |
|
|
|
certificate = $dir/ca.crt |
|
|
|
private_key = $dir/private/ca.key |
|
|
|
default_days = 365 |
|
|
|
default_md = md5 |
|
|
|
default_crl_days = 30 |
|
|
|
preserve = no |
|
|
|
email_in_dn = yes |
|
|
|
nameopt = default_ca |
|
|
|
certopt = default_ca |
|
|
|
policy = policy_match |
|
|
|
crl_dir = $dir/revoked |
|
|
|
crlnumber = $crl_dir/crlnumber |
|
|
|
crl_extensions = crl_ext |
|
|
|
x509_extensions = usr_cert |
|
|
|
copy_extensions = copy |
|
|
|
rand_serial = no |
|
|
|
|
|
|
|
[ policy_match ] |
|
|
|
countryName = optional |
|
|
|
stateOrProvinceName = optional |
|
|
|
organizationName = optional |
|
|
|
organizationalUnitName = optional |
|
|
|
commonName = supplied |
|
|
|
emailAddress = supplied |
|
|
|
|
|
|
|
[ crl_ext ] |
|
|
|
authorityKeyIdentifier = keyid:always,issues:always |
|
|
|
|
|
|
|
[ usr_cert ] |
|
|
|
basicConstraints = CA:FALSE |
|
|
|
subjectKeyIdentifier = hash |
|
|
|
authorityKeyIdentifier = keyid, issuer |
|
|
|
crlDistributionPoints = URI:http://localhost/ca/crl.pem |
|
|
|
|
|
|
|
[ req ] |
|
|
|
default_bits = 2048 |
|
|
|
default_keyfile = key.pem |
|
|
|
default_md = md5 |
|
|
|
string_mask = utf8only |
|
|
|
distinguished_name = req_distinguished_name |
|
|
|
req_extensions = v3_req |
|
|
|
|
|
|
|
[ req_distinguished_name ] |
|
|
|
0.organizationName = . |
|
|
|
organizationalUnitName = . |
|
|
|
emailAddress = luka.licina@geneza.com |
|
|
|
emailAddress_max = 40 |
|
|
|
localityName = . |
|
|
|
stateOrProvinceName = . |
|
|
|
countryName = SI |
|
|
|
countryName_max = . |
|
|
|
countryName_max = . |
|
|
|
commonName = TheServer |
|
|
|
commonName_max = 64 |
|
|
|
|
|
|
|
0.organizationName_default = . |
|
|
|
localityName_default = . |
|
|
|
stateOrProvinceName_default = . |
|
|
|
countryName_default = SI |
|
|
|
|
|
|
|
[ v3_ca ] |
|
|
|
basicConstraints = CA:TRUE |
|
|
|
subjectKeyIdentifier = hash |
|
|
|
authorityKeyIdentifier = keyid:always,issuer:always |
|
|
|
|
|
|
|
[ v3_req ] |
|
|
|
basicConstraints = CA:FALSE |
|
|
|
subjectKeyIdentifier = hash |