Index: net/data/ssl/certificates/openssl_ca.cnf |
diff --git a/net/data/ssl/certificates/openssl_ca.cnf b/net/data/ssl/certificates/openssl_ca.cnf |
new file mode 100644 |
index 0000000000000000000000000000000000000000..103b80a896e416325458f336889e54096b1c74df |
--- /dev/null |
+++ b/net/data/ssl/certificates/openssl_ca.cnf |
@@ -0,0 +1,72 @@ |
+[ca] |
+default_ca = CA_root |
+preserve = yes |
+ |
+# The default test root, used to generate certificates and CRLs. |
+[CA_root] |
+dir = ./root_ca |
+database = $dir/index.txt |
+new_certs_dir = $dir/newcerts |
+serial = $dir/serial |
+certificate = $dir/cacert.pem |
+private_key = $dir/private/cacert.key |
+RANDFILE = $dir/private/.rand |
+default_days = 365 |
+default_crl_days = 30 |
+default_md = sha1 |
+policy = policy_anything |
+unique_subject = no |
+copy_extensions = copy |
+ |
+[user_cert] |
+# Extensions to add when signing a request for an EE cert |
+basicConstraints = critical, CA:false |
+subjectKeyIdentifier = hash |
+authorityKeyIdentifier = keyid:always |
+extendedKeyUsage = serverAuth,clientAuth |
+ |
+[ca_cert] |
+# Extensions to add when signing a request for an intermediate/CA cert |
+basicConstraints = critical, CA:true |
+subjectKeyIdentifier = hash |
+authorityKeyIdentifier = keyid:always |
+keyUsage = critical, keyCertSign, cRLSign |
+ |
+[crl_extensions] |
+# Extensions to add when signing a CRL |
+authorityKeyIdentifier = keyid:always |
+ |
+[policy_anything] |
+# Default signing policy |
+countryName = optional |
+stateOrProvinceName = optional |
+localityName = optional |
+organizationName = optional |
+organizationalUnitName = optional |
+commonName = optional |
+emailAddress = optional |
+ |
+[req] |
+# The request section used to generate the root CA certificate. This should |
+# not be used to generate end-entity certificates. For certificates other |
+# than the root CA, see README to find the appropriate configuration file |
+# (ie: openssl_cert.cnf). |
+default_bits = 1024 |
+default_md = sha1 |
+string_mask = utf8only |
+prompt = no |
+encrypt_key = no |
+distinguished_name = req_ca_dn |
+x509_extensions = req_ca_exts |
+ |
+[req_ca_dn] |
+C = US |
+ST = California |
+L = Mountain View |
+O = Test CA |
+CN = Test Root CA |
+ |
+[req_ca_exts] |
+basicConstraints = critical, CA:true |
+keyUsage = critical, keyCertSign, cRLSign |
+subjectKeyIdentifier = hash |