|
-
- dir = .
-
- [ ca ]
- default_ca = CA_default
-
- [ CA_default ]
- serial = $dir/serial
- database = $dir/certindex.txt
- new_certs_dir = $dir/certs
- certificate = $dir/ca.crt
- private_key = $dir/private/ca.key
- default_days = 365
- default_md = sha256
- default_crl_days = 30
- preserve = no
- email_in_dn = yes
- nameopt = default_ca
- certopt = default_ca
- policy = policy_match
- crl_dir = $dir/revoked
- crlnumber = $crl_dir/crlnumber
- crl_extensions = crl_ext
- x509_extensions = usr_cert
- copy_extensions = copy
- rand_serial = no
-
- [ policy_match ]
- countryName = optional
- stateOrProvinceName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = supplied
-
- [ crl_ext ]
- authorityKeyIdentifier = keyid
-
- [ usr_cert ]
- basicConstraints = CA:FALSE
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid, issuer
- crlDistributionPoints = URI:http://localhost/ca/crl.pem
-
- [ req ]
- default_bits = 2048
- default_keyfile = key.pem
- default_md = md5
- string_mask = utf8only
- distinguished_name = req_distinguished_name
- req_extensions = v3_req
-
- [ req_distinguished_name ]
- 0.organizationName = .
- organizationalUnitName = .
- emailAddress = luka.licina@geneza.com
- emailAddress_max = 40
- localityName = .
- stateOrProvinceName = .
- countryName = SI
- countryName_max = .
- countryName_max = .
- commonName = TheServer
- commonName_max = 64
-
- 0.organizationName_default = .
- localityName_default = .
- stateOrProvinceName_default = .
- countryName_default = SI
-
- [ v3_ca ]
- basicConstraints = CA:TRUE
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid:always,issuer:always
-
- [ v3_req ]
- basicConstraints = CA:FALSE
- subjectKeyIdentifier = hash
|
