OLD | NEW |
1 [ca] | 1 [ca] |
2 default_ca = CA_root | 2 default_ca = CA_root |
3 preserve = yes | 3 preserve = yes |
4 | 4 |
5 # The default test root, used to generate certificates and CRLs. | 5 # The default test root, used to generate certificates and CRLs. |
6 [CA_root] | 6 [CA_root] |
7 dir = out | 7 dir = out |
8 key_size = 2048 | 8 key_size = 2048 |
9 algo = sha256 | 9 algo = sha256 |
10 cert_type = root | 10 cert_type = root |
11 database = $dir/${ENV::CA_ID}-index.txt | 11 database = $dir/${ENV::CA_ID}-index.txt |
12 new_certs_dir = $dir | 12 new_certs_dir = $dir |
13 serial = $dir/${ENV::CA_ID}-serial | 13 serial = $dir/${ENV::CA_ID}-serial |
14 certificate = $dir/${ENV::CA_ID}.pem | 14 certificate = $dir/${ENV::CA_ID}.pem |
15 private_key = $dir/${ENV::CA_ID}.key | 15 private_key = $dir/${ENV::CA_ID}.key |
16 RANDFILE = $dir/.rand | 16 RANDFILE = $dir/.rand |
17 default_days = 3650 | 17 default_days = 3650 |
18 default_crl_days = 30 | 18 default_crl_days = 30 |
19 default_md = sha256 | 19 default_md = sha256 |
20 policy = policy_anything | 20 policy = policy_anything |
21 unique_subject = no | 21 unique_subject = no |
22 copy_extensions = copy | 22 copy_extensions = copy |
23 | 23 |
24 [leaf_cert] | 24 [leaf_cert] |
25 # Extensions to add when signing a request for an leaf cert | 25 # Extensions to add when signing a request for an leaf cert |
26 basicConstraints = critical, CA:false | 26 basicConstraints = critical, CA:false |
27 subjectKeyIdentifier = hash | 27 subjectKeyIdentifier = hash |
28 authorityKeyIdentifier = keyid:always | 28 authorityKeyIdentifier = keyid:always |
29 extendedKeyUsage = serverAuth, clientAuth | 29 extendedKeyUsage = serverAuth, clientAuth |
| 30 subjectAltName = DNS:${ENV::CN} |
30 | 31 |
31 [ca_cert] | 32 [ca_cert] |
32 # Extensions to add when signing a request for an intermediate/CA cert | 33 # Extensions to add when signing a request for an intermediate/CA cert |
33 basicConstraints = critical, CA:true | 34 basicConstraints = critical, CA:true |
34 subjectKeyIdentifier = hash | 35 subjectKeyIdentifier = hash |
35 authorityKeyIdentifier = keyid:always | 36 authorityKeyIdentifier = keyid:always |
36 keyUsage = critical, keyCertSign, cRLSign | 37 keyUsage = critical, keyCertSign, cRLSign |
37 | 38 |
38 [policy_anything] | 39 [policy_anything] |
39 # Default signing policy | 40 # Default signing policy |
40 countryName = optional | 41 countryName = optional |
41 stateOrProvinceName = optional | 42 stateOrProvinceName = optional |
42 localityName = optional | 43 localityName = optional |
43 organizationName = optional | 44 organizationName = optional |
44 organizationalUnitName = optional | 45 organizationalUnitName = optional |
45 commonName = optional | 46 commonName = optional |
46 emailAddress = optional | 47 emailAddress = optional |
47 | 48 |
48 [req] | 49 [req] |
49 default_bits = 2048 | 50 default_bits = 2048 |
50 default_md = sha256 | 51 default_md = sha256 |
51 string_mask = utf8only | 52 string_mask = utf8only |
52 prompt = no | 53 prompt = no |
53 encrypt_key = no | 54 encrypt_key = no |
54 distinguished_name = dn | 55 distinguished_name = dn |
55 | 56 |
56 [dn] | 57 [dn] |
57 CN = $ENV::CN | 58 CN = ${ENV::CN} |
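Review bot: The added `subjectAltName = DNS:${ENV::CN}` in `[leaf_cert]` interpolates the CN environment variable straight into a comma-separated, type-prefixed extension value, so it is only correct when CN is a single DNS hostname. A CN that is an IP address or a client identity (the section also grants `clientAuth`) would produce a wrong or rejected DNS entry, and a value containing a comma would be parsed as additional SAN entries, so the script that exports CN should validate it as a hostname before invoking openssl. Because `[CA_root]` sets `copy_extensions = copy`, which as far as I know copies only request extensions the section has not already set, a SAN carried in the CSR would now be dropped in favour of this one. I would document both points above the new line, for example `# SAN is derived from ENV::CN, which must be a single DNS name; it takes precedence over any SAN in the CSR (copy_extensions = copy).`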