OLD | NEW |
1 ID=1 | 1 ID=1 |
2 CA_DIR=out | 2 CA_DIR=out |
3 | 3 |
4 [ca] | 4 [ca] |
5 default_ca = ca_settings | 5 default_ca = ca_settings |
6 preserve = yes | 6 preserve = yes |
7 | 7 |
8 [ca_settings] | 8 [ca_settings] |
9 dir = ${ENV::CA_DIR} | 9 dir = ${ENV::CA_DIR} |
10 database = $dir/${ENV::ID}-index.txt | 10 database = $dir/${ENV::ID}-index.txt |
11 new_certs_dir = $dir | 11 new_certs_dir = $dir |
12 serial = $dir/${ENV::ID}-serial | 12 serial = $dir/${ENV::ID}-serial |
13 certificate = $dir/${ENV::ID}.pem | 13 certificate = $dir/${ENV::ID}.pem |
14 private_key = $dir/${ENV::ID}.key | 14 private_key = $dir/${ENV::ID}.key |
15 RANDFILE = $dir/rand | 15 RANDFILE = $dir/rand |
16 default_md = sha1 | 16 default_md = sha256 |
17 default_days = 3650 | 17 default_days = 3650 |
18 policy = policy_anything | 18 policy = policy_anything |
19 unique_subject = no | 19 unique_subject = no |
20 copy_extensions = copy | 20 copy_extensions = copy |
21 | 21 |
22 [policy_anything] | 22 [policy_anything] |
23 # Default signing policy | 23 # Default signing policy |
24 countryName = optional | 24 countryName = optional |
25 stateOrProvinceName = optional | 25 stateOrProvinceName = optional |
26 localityName = optional | 26 localityName = optional |
27 organizationName = optional | 27 organizationName = optional |
28 organizationalUnitName = optional | 28 organizationalUnitName = optional |
29 commonName = optional | 29 commonName = optional |
30 emailAddress = optional | 30 emailAddress = optional |
31 | 31 |
32 [req] | 32 [req] |
33 default_bits = 2048 | 33 default_bits = 2048 |
34 default_md = sha1 | 34 default_md = sha256 |
35 string_mask = utf8only | 35 string_mask = utf8only |
36 prompt = no | 36 prompt = no |
37 encrypt_key = no | 37 encrypt_key = no |
38 distinguished_name = req_env_dn | 38 distinguished_name = req_env_dn |
39 | 39 |
40 [user_cert] | 40 [user_cert] |
41 # Extensions to add when signing a request for an EE cert | 41 # Extensions to add when signing a request for an EE cert |
42 basicConstraints = critical, CA:false | 42 basicConstraints = critical, CA:false |
43 extendedKeyUsage = serverAuth,clientAuth | 43 extendedKeyUsage = serverAuth,clientAuth |
44 | 44 |
45 [ca_cert] | 45 [ca_cert] |
46 # Extensions to add when signing a request for an intermediate/CA cert | 46 # Extensions to add when signing a request for an intermediate/CA cert |
47 basicConstraints = critical, CA:true | 47 basicConstraints = critical, CA:true |
48 keyUsage = critical, keyCertSign, cRLSign | 48 keyUsage = critical, keyCertSign, cRLSign |
49 | 49 |
50 [req_env_dn] | 50 [req_env_dn] |
51 CN = ${ENV::COMMON_NAME} | 51 CN = ${ENV::COMMON_NAME} |
OLD | NEW |