Diffstat (limited to 'net/data/ssl/scripts/ca.cnf')
-rw-r--r-- | net/data/ssl/scripts/ca.cnf | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/net/data/ssl/scripts/ca.cnf b/net/data/ssl/scripts/ca.cnf
new file mode 100644
index 0000000..de27d8e
--- /dev/null
+++ b/net/data/ssl/scripts/ca.cnf
@@ -0,0 +1,86 @@
+[ca]
+default_ca = CA_root
+preserve = yes
+
+# The default test root, used to generate certificates and CRLs.
+[CA_root]
+dir = $ENV::CA_DIR
+key_size = $ENV::KEY_SIZE
+algo = $ENV::ALGO
+cert_type = $ENV::CERT_TYPE
+type = $key_size-$algo-$cert_type
+database = $dir/$type-index.txt
+new_certs_dir = $dir
+serial = $dir/$type-serial
+certificate = $dir/$type.pem
+private_key = $dir/$type.key
+RANDFILE = $dir/.rand
+default_days = 3650
+default_crl_days = 30
+default_md = sha1
+policy = policy_anything
+unique_subject = no
+copy_extensions = copy
+
+[user_cert]
+# Extensions to add when signing a request for an EE cert
+basicConstraints = critical, CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+extendedKeyUsage = serverAuth,clientAuth
+
+[ca_cert]
+# Extensions to add when signing a request for an intermediate/CA cert
+basicConstraints = critical, CA:true
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always
+keyUsage = critical, keyCertSign, cRLSign
+
+[crl_extensions]
+# Extensions to add when signing a CRL
+authorityKeyIdentifier = keyid:always
+
+[policy_anything]
+# Default signing policy
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = optional
+emailAddress = optional
+
+[req]
+# The request section used to generate the root CA certificate. This should
+# not be used to generate end-entity certificates. For certificates other
+# than the root CA, see README to find the appropriate configuration file
+# (ie: openssl_cert.cnf).
+default_bits = $ENV::KEY_SIZE
+default_md = sha1
+string_mask = utf8only
+prompt = no
+encrypt_key = no
+distinguished_name = $ENV::CA_NAME
+x509_extensions = req_ca_exts
+
+[req_ca_dn]
+C = US
+ST = California
+L = Mountain View
+O = Test CA
+CN = Test Root CA
+
+[req_intermediate_dn]
+C = US
+ST = California
+L = Mountain View
+O = Test CA
+CN = Test Intermediate CA
+
+[req_env_dn]
+CN = $ENV::CA_COMMON_NAME
+
+[req_ca_exts]
+basicConstraints = critical, CA:true
+keyUsage = critical, keyCertSign, cRLSign
+subjectKeyIdentifier = hash |
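Review bot: `default_md = sha1` in both `[CA_root]` and `[req]` makes every certificate and CRL issued from this config SHA-1-signed, which current TLS stacks reject or treat as weak. Unless these fixtures are meant to exercise SHA-1 handling, use `default_md = sha256`; if SHA-1 is deliberate, say so in a comment above each key. Separately, `copy_extensions = copy` combined with `policy_anything` means the CA accepts any subject and copies each request extension that the selected extension section does not already set (for `[user_cert]` that would include keyUsage and subjectAltName), and `encrypt_key = no` leaves the root key unencrypted on disk. That is reasonable for a throwaway test root, but the file should state it at the top, e.g. `# Test-only CA: permissive policy, unencrypted key; never use to issue trusted certificates.`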