OLD | NEW |
1 CA_DIR=out | 1 CA_DIR=out |
2 CA_NAME=policy-root | 2 CA_NAME=policy-root |
| 3 SAN=policy_test.example |
3 | 4 |
4 [ca] | 5 [ca] |
5 default_ca = CA_root | 6 default_ca = CA_root |
6 preserve = yes | 7 preserve = yes |
7 | 8 |
8 [CA_root] | 9 [CA_root] |
9 dir = ${ENV::CA_DIR} | 10 dir = ${ENV::CA_DIR} |
10 key_size = 2048 | 11 key_size = 2048 |
11 algo = sha256 | 12 algo = sha256 |
12 database = $dir/${ENV::CA_NAME}-index.txt | 13 database = $dir/${ENV::CA_NAME}-index.txt |
13 new_certs_dir = $dir | 14 new_certs_dir = $dir |
14 serial = $dir/${ENV::CA_NAME}-serial | 15 serial = $dir/${ENV::CA_NAME}-serial |
15 certificate = $dir/${ENV::CA_NAME}.pem | 16 certificate = $dir/${ENV::CA_NAME}.pem |
16 private_key = $dir/${ENV::CA_NAME}.key | 17 private_key = $dir/${ENV::CA_NAME}.key |
17 RANDFILE = $dir/.rand | 18 RANDFILE = $dir/.rand |
18 default_days = 3650 | 19 default_days = 3650 |
19 default_crl_days = 30 | 20 default_crl_days = 30 |
20 default_md = sha256 | 21 default_md = sha256 |
21 policy = policy_anything | 22 policy = policy_anything |
22 unique_subject = no | 23 unique_subject = no |
23 copy_extensions = copy | 24 copy_extensions = copy |
24 | 25 |
25 [user_cert] | 26 [user_cert] |
26 basicConstraints = critical, CA:false | 27 basicConstraints = critical, CA:false |
27 extendedKeyUsage = serverAuth, clientAuth | 28 extendedKeyUsage = serverAuth, clientAuth |
28 certificatePolicies = 1.2.3.4 | 29 certificatePolicies = 1.2.3.4 |
| 30 subjectAltName = DNS:${ENV::SAN} |
29 | 31 |
30 [ca_cert] | 32 [ca_cert] |
31 basicConstraints = critical, CA:true | 33 basicConstraints = critical, CA:true |
32 keyUsage = critical, digitalSignature, keyCertSign, cRLSign | 34 keyUsage = critical, digitalSignature, keyCertSign, cRLSign |
33 | 35 |
34 [intermediate_cert] | 36 [intermediate_cert] |
35 basicConstraints = critical, CA:true | 37 basicConstraints = critical, CA:true |
36 keyUsage = critical, digitalSignature, keyCertSign, cRLSign | 38 keyUsage = critical, digitalSignature, keyCertSign, cRLSign |
37 policyConstraints = requireExplicitPolicy:0 | 39 policyConstraints = requireExplicitPolicy:0 |
38 certificatePolicies = 1.2.3.4, 1.2.3.4.5, 1.2.3.5 | 40 certificatePolicies = 1.2.3.4, 1.2.3.4.5, 1.2.3.5 |
(...skipping 12 matching lines...) Expand all Loading... |
51 default_bits = 2048 | 53 default_bits = 2048 |
52 default_md = sha256 | 54 default_md = sha256 |
53 string_mask = utf8only | 55 string_mask = utf8only |
54 prompt = no | 56 prompt = no |
55 encrypt_key = no | 57 encrypt_key = no |
56 distinguished_name = req_env_dn | 58 distinguished_name = req_env_dn |
57 | 59 |
58 [req_env_dn] | 60 [req_env_dn] |
59 CN = ${ENV::COMMON_NAME} | 61 CN = ${ENV::COMMON_NAME} |
60 | 62 |
OLD | NEW |