net/data/ssl/scripts/aia-test.cnf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

CA_DIR=out
CA_NAME=aia-test-root
AIA_URL=http://aia-test.invalid

[ca]
default_ca = CA_root
preserve   = yes

[CA_root]
dir           = ${ENV::CA_DIR}
key_size      = 2048
algo          = sha256
database      = $dir/${ENV::CA_NAME}-index.txt
new_certs_dir = $dir
serial        = $dir/${ENV::CA_NAME}-serial
certificate   = $dir/${ENV::CA_NAME}.pem
private_key   = $dir/${ENV::CA_NAME}.key
RANDFILE      = $dir/.rand
default_days     = 3650
default_crl_days = 30
default_md       = sha256
policy           = policy_anything
unique_subject   = no
copy_extensions  = copy

[user_cert]
basicConstraints       = critical, CA:false
extendedKeyUsage       = serverAuth, clientAuth
authorityInfoAccess    = caIssuers;URI:${ENV::AIA_URL}

[ca_cert]
basicConstraints       = critical, CA:true
keyUsage               = critical, keyCertSign, cRLSign

[policy_anything]
# Default signing policy
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = optional
emailAddress           = optional

[req]
default_bits       = 2048
default_md         = sha256
string_mask        = utf8only
prompt             = no
encrypt_key        = no
distinguished_name = req_env_dn

[req_env_dn]
CN = ${ENV::CA_COMMON_NAME}