OLD | NEW |
---|---|
(Empty) | |
1 [ca] | |
2 default_ca = CA_root | |
3 | |
4 # The default test root, used to generate certificates and CRLs. | |
5 [CA_root] | |
6 dir = ./root_ca | |
7 database = $dir/index.txt | |
8 new_certs_dir = $dir/newcerts | |
9 serial = $dir/serial | |
10 certificate = $dir/cacert.pem | |
11 private_key = $dir/private/cacert.key | |
12 RANDFILE = $dir/private/.rand | |
13 | |
14 default_days = 365 | |
15 default_crl_days = 30 | |
16 default_md = sha1 | |
17 policy = policy_anything | |
18 | |
19 [user_cert] | |
20 # Extensions to add when signing a request for an EE cert | |
21 basicConstraints = CA:false | |
22 subjectKeyIdentifier = hash | |
23 authorityKeyIdentifier = keyid,issuer:always | |
wtc
2010/11/23 00:30:11
We probably should not include 'issuer'. Having '
| |
24 | |
25 [ca_cert] | |
26 # Extensions to add when signing a request for an intermediate/CA cert | |
27 basicConstraints = CA:true | |
28 subjectKeyIdentifier = hash | |
29 authorityKeyIdentifier = keyid,issuer:always | |
30 | |
31 [crl_extensions] | |
32 # Extensions to add when signing a CRL | |
33 authorityKeyIdentifier = keyid:always,issuer:always | |
34 | |
35 [policy_anything] | |
36 countryName = optional | |
37 stateOrProvinceName = optional | |
38 localityName = optional | |
39 organizationName = optional | |
40 organizationalUnitName = optional | |
41 commonName = supplied | |
42 emailAddress = optional | |
OLD | NEW |