OLD | NEW |
1 CA_DIR = out | 1 CA_DIR = out |
2 | 2 |
3 [ca] | 3 [ca] |
4 default_ca = CA_root | 4 default_ca = CA_root |
5 preserve = yes | 5 preserve = yes |
6 | 6 |
7 # The default test root, used to generate certificates and CRLs. | 7 # The default test root, used to generate certificates and CRLs. |
8 [CA_root] | 8 [CA_root] |
9 dir = ${ENV::CA_DIR} | 9 dir = ${ENV::CA_DIR} |
10 database = ${dir}/${ENV::CERTIFICATE}-index.txt | 10 database = ${dir}/${ENV::CERTIFICATE}-index.txt |
11 new_certs_dir = ${dir} | 11 new_certs_dir = ${dir} |
12 serial = ${dir}/${ENV::CERTIFICATE}-serial | 12 serial = ${dir}/${ENV::CERTIFICATE}-serial |
13 certificate = ${dir}/${ENV::CERTIFICATE}.pem | 13 certificate = ${dir}/${ENV::CERTIFICATE}.pem |
14 private_key = ${dir}/${ENV::CERTIFICATE}.key | 14 private_key = ${dir}/${ENV::CERTIFICATE}.key |
15 RANDFILE = ${dir}/rand | 15 RANDFILE = ${dir}/rand |
16 default_days = 3650 | 16 default_days = 3650 |
17 default_crl_days = 30 | 17 default_crl_days = 30 |
18 default_md = sha1 | 18 default_md = sha256 |
19 policy = policy_anything | 19 policy = policy_anything |
20 unique_subject = no | 20 unique_subject = no |
21 | 21 |
22 [user_cert] | 22 [user_cert] |
23 # Extensions to add when signing a request for an EE cert | 23 # Extensions to add when signing a request for an EE cert |
24 basicConstraints = critical, CA:false | 24 basicConstraints = critical, CA:false |
25 subjectKeyIdentifier = hash | 25 subjectKeyIdentifier = hash |
26 authorityKeyIdentifier = keyid:always | 26 authorityKeyIdentifier = keyid:always |
27 extendedKeyUsage = serverAuth,clientAuth | 27 extendedKeyUsage = serverAuth,clientAuth |
28 | 28 |
(...skipping 14 matching lines...) Expand all Loading... |
43 stateOrProvinceName = optional | 43 stateOrProvinceName = optional |
44 localityName = optional | 44 localityName = optional |
45 organizationName = optional | 45 organizationName = optional |
46 organizationalUnitName = optional | 46 organizationalUnitName = optional |
47 commonName = optional | 47 commonName = optional |
48 emailAddress = optional | 48 emailAddress = optional |
49 | 49 |
50 [req] | 50 [req] |
51 # The request section used to generate certificate requests. | 51 # The request section used to generate certificate requests. |
52 default_bits = 2048 | 52 default_bits = 2048 |
53 default_md = sha1 | 53 default_md = sha256 |
54 string_mask = utf8only | 54 string_mask = utf8only |
55 prompt = no | 55 prompt = no |
56 encrypt_key = no | 56 encrypt_key = no |
57 distinguished_name = req_env_dn | 57 distinguished_name = req_env_dn |
58 | 58 |
59 [req_env_dn] | 59 [req_env_dn] |
60 CN = ${ENV::CA_COMMON_NAME} | 60 CN = ${ENV::CA_COMMON_NAME} |
OLD | NEW |