OLD | NEW |
1 CA_DIR = out | 1 CA_DIR = out |
2 | 2 |
3 [ca] | 3 [ca] |
4 default_ca = CA_root | 4 default_ca = CA_root |
5 preserve = yes | 5 preserve = yes |
6 | 6 |
7 # The default test root, used to generate certificates and CRLs. | 7 # The default test root, used to generate certificates and CRLs. |
8 [CA_root] | 8 [CA_root] |
9 dir = ${ENV::CA_DIR} | 9 dir = ${ENV::CA_DIR} |
10 database = ${dir}/${ENV::CERTIFICATE}-index.txt | 10 database = ${dir}/${ENV::CERTIFICATE}-index.txt |
11 new_certs_dir = ${dir} | 11 new_certs_dir = ${dir} |
12 serial = ${dir}/${ENV::CERTIFICATE}-serial | 12 serial = ${dir}/${ENV::CERTIFICATE}-serial |
13 certificate = ${dir}/${ENV::CERTIFICATE}.pem | 13 certificate = ${dir}/${ENV::CERTIFICATE}.pem |
14 private_key = ${dir}/${ENV::CERTIFICATE}.key | 14 private_key = ${dir}/${ENV::CERTIFICATE}.key |
15 RANDFILE = ${dir}/rand | 15 RANDFILE = ${dir}/rand |
16 default_days = 3650 | 16 default_days = 3650 |
17 default_crl_days = 30 | 17 default_crl_days = 30 |
18 default_md = sha256 | 18 default_md = sha256 |
19 policy = policy_anything | 19 policy = policy_anything |
20 unique_subject = no | 20 unique_subject = no |
21 | 21 |
22 [user_cert] | 22 [user_cert] |
23 # Extensions to add when signing a request for an EE cert | 23 # Extensions to add when signing a request for an EE cert |
24 basicConstraints = critical, CA:false | 24 basicConstraints = critical, CA:false |
25 subjectKeyIdentifier = hash | 25 subjectKeyIdentifier = hash |
26 authorityKeyIdentifier = keyid:always | 26 authorityKeyIdentifier = keyid:always |
27 extendedKeyUsage = serverAuth,clientAuth | 27 extendedKeyUsage = serverAuth,clientAuth |
| 28 subjectAltName = IP:127.0.0.1 |
28 | 29 |
29 [ca_cert] | 30 [ca_cert] |
30 # Extensions to add when signing a request for an intermediate/CA cert | 31 # Extensions to add when signing a request for an intermediate/CA cert |
31 basicConstraints = critical, CA:true | 32 basicConstraints = critical, CA:true |
32 subjectKeyIdentifier = hash | 33 subjectKeyIdentifier = hash |
33 keyUsage = critical, keyCertSign, cRLSign | 34 keyUsage = critical, keyCertSign, cRLSign |
34 | 35 |
35 [ca_cert_with_aki] | 36 [ca_cert_with_aki] |
36 # Extensions to add when signing a request for an intermediate/CA cert | 37 # Extensions to add when signing a request for an intermediate/CA cert |
37 basicConstraints = critical, CA:true | 38 basicConstraints = critical, CA:true |
(...skipping 20 matching lines...) Expand all Loading... |
58 # The request section used to generate certificate requests. | 59 # The request section used to generate certificate requests. |
59 default_bits = 2048 | 60 default_bits = 2048 |
60 default_md = sha256 | 61 default_md = sha256 |
61 string_mask = utf8only | 62 string_mask = utf8only |
62 prompt = no | 63 prompt = no |
63 encrypt_key = no | 64 encrypt_key = no |
64 distinguished_name = req_env_dn | 65 distinguished_name = req_env_dn |
65 | 66 |
66 [req_env_dn] | 67 [req_env_dn] |
67 CN = ${ENV::CA_COMMON_NAME} | 68 CN = ${ENV::CA_COMMON_NAME} |
OLD | NEW |