OLD | NEW |
1 CA_DIR=out | 1 CA_DIR=out |
2 CA_NAME=aia-test-root | 2 CA_NAME=aia-test-root |
3 AIA_URL=http://aia-test.invalid | 3 AIA_URL=http://aia-test.invalid |
| 4 HOST_NAME=aia-host.invalid |
4 | 5 |
5 [ca] | 6 [ca] |
6 default_ca = CA_root | 7 default_ca = CA_root |
7 preserve = yes | 8 preserve = yes |
8 | 9 |
9 [CA_root] | 10 [CA_root] |
10 dir = ${ENV::CA_DIR} | 11 dir = ${ENV::CA_DIR} |
11 key_size = 2048 | 12 key_size = 2048 |
12 algo = sha256 | 13 algo = sha256 |
13 database = $dir/${ENV::CA_NAME}-index.txt | 14 database = $dir/${ENV::CA_NAME}-index.txt |
14 new_certs_dir = $dir | 15 new_certs_dir = $dir |
15 serial = $dir/${ENV::CA_NAME}-serial | 16 serial = $dir/${ENV::CA_NAME}-serial |
16 certificate = $dir/${ENV::CA_NAME}.pem | 17 certificate = $dir/${ENV::CA_NAME}.pem |
17 private_key = $dir/${ENV::CA_NAME}.key | 18 private_key = $dir/${ENV::CA_NAME}.key |
18 RANDFILE = $dir/.rand | 19 RANDFILE = $dir/.rand |
19 default_days = 3650 | 20 default_days = 3650 |
20 default_crl_days = 30 | 21 default_crl_days = 30 |
21 default_md = sha256 | 22 default_md = sha256 |
22 policy = policy_anything | 23 policy = policy_anything |
23 unique_subject = no | 24 unique_subject = no |
24 copy_extensions = copy | 25 copy_extensions = copy |
25 | 26 |
26 [user_cert] | 27 [user_cert] |
27 basicConstraints = critical, CA:false | 28 basicConstraints = critical, CA:false |
28 extendedKeyUsage = serverAuth, clientAuth | 29 extendedKeyUsage = serverAuth, clientAuth |
29 authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL} | 30 authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL} |
| 31 subjectAltName = DNS:${ENV::HOST_NAME} |
30 | 32 |
31 [ca_cert] | 33 [ca_cert] |
32 basicConstraints = critical, CA:true | 34 basicConstraints = critical, CA:true |
33 keyUsage = critical, keyCertSign, cRLSign | 35 keyUsage = critical, keyCertSign, cRLSign |
34 | 36 |
35 [policy_anything] | 37 [policy_anything] |
36 # Default signing policy | 38 # Default signing policy |
37 countryName = optional | 39 countryName = optional |
38 stateOrProvinceName = optional | 40 stateOrProvinceName = optional |
39 localityName = optional | 41 localityName = optional |
40 organizationName = optional | 42 organizationName = optional |
41 organizationalUnitName = optional | 43 organizationalUnitName = optional |
42 commonName = optional | 44 commonName = optional |
43 emailAddress = optional | 45 emailAddress = optional |
44 | 46 |
45 [req] | 47 [req] |
46 default_bits = 2048 | 48 default_bits = 2048 |
47 default_md = sha256 | 49 default_md = sha256 |
48 string_mask = utf8only | 50 string_mask = utf8only |
49 prompt = no | 51 prompt = no |
50 encrypt_key = no | 52 encrypt_key = no |
51 distinguished_name = req_env_dn | 53 distinguished_name = req_env_dn |
52 | 54 |
53 [req_env_dn] | 55 [req_env_dn] |
54 CN = ${ENV::CA_COMMON_NAME} | 56 CN = ${ENV::CA_COMMON_NAME} |
55 | 57 |
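Review bot: The new `subjectAltName = DNS:${ENV::HOST_NAME}` line in `[user_cert]` (new line 31) has no comment saying that it takes precedence over any SAN carried in the request. `[CA_root]` sets `copy_extensions = copy`, and OpenSSL copies a request extension only when the certificate does not already have it, so every leaf signed with this section gets exactly the configured name. A comment above the line such as `# SAN is taken from HOST_NAME (default at the top of this file); a SAN in the CSR is not copied because this section already sets one` would stop a reader from assuming the CSR's names are honoured. The value is also substituted into the extension string as-is, and a comma in HOST_NAME would presumably be parsed as a further SAN entry, so the scripts that export it should pass a single hostname.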