Index: net/data/ssl/certificates/openssl_ca.cnf |
diff --git a/net/data/ssl/certificates/openssl_ca.cnf b/net/data/ssl/certificates/openssl_ca.cnf |
new file mode 100644 |
index 0000000000000000000000000000000000000000..82a66bb7274a8794c096a07f3295c279e6830ccb |
--- /dev/null |
+++ b/net/data/ssl/certificates/openssl_ca.cnf |
@@ -0,0 +1,42 @@ |
+[ca] |
+default_ca = CA_root |
+ |
+# The default test root, used to generate certificates and CRLs. |
+[CA_root] |
+dir = ./root_ca |
+database = $dir/index.txt |
+new_certs_dir = $dir/newcerts |
+serial = $dir/serial |
+certificate = $dir/cacert.pem |
+private_key = $dir/private/cacert.key |
+RANDFILE = $dir/private/.rand |
+ |
+default_days = 365 |
+default_crl_days = 30 |
+default_md = sha1 |
+policy = policy_anything |
+ |
+[user_cert] |
+# Extensions to add when signing a request for an EE cert |
+basicConstraints = CA:false |
+subjectKeyIdentifier = hash |
+authorityKeyIdentifier = keyid,issuer:always |
wtc
2010/11/23 00:30:11
We probably should not include 'issuer'. Having '
|
+ |
+[ca_cert] |
+# Extensions to add when signing a request for an intermediate/CA cert |
+basicConstraints = CA:true |
+subjectKeyIdentifier = hash |
+authorityKeyIdentifier = keyid,issuer:always |
+ |
+[crl_extensions] |
+# Extensions to add when signing a CRL |
+authorityKeyIdentifier = keyid:always,issuer:always |
+ |
+[policy_anything] |
+countryName = optional |
+stateOrProvinceName = optional |
+localityName = optional |
+organizationName = optional |
+organizationalUnitName = optional |
+commonName = supplied |
+emailAddress = optional |