| # OpenSSL configuration file for Suite B |
| |
| # Fallback value so that $ENV::HOME below still resolves when the HOME |
| # environment variable is not set (same idiom as the stock openssl.cnf). |
| HOME = . |
| # Seed file for the random number generator, located under HOME. |
| RANDFILE = $ENV::HOME/.rnd |
| # Name of the section that holds extra OID definitions; [ new_oids ] in |
| # this file is empty, so no OIDs are added. |
| oid_section = new_oids |
| |
| # Target of oid_section; intentionally left without entries. |
| [ new_oids ] |
| |
| # Entry point for "openssl ca": default_ca names the CA section that is |
| # used when no -name option is given on the command line. |
| [ ca ] |
| default_ca = CA_default |
| |
| # CA working directory layout and issuance defaults for "openssl ca". |
| [ CA_default ] |
| |
| # All paths below derive from dir, which is relative to the directory the |
| # openssl command is run from. |
| dir = ./ec-ca |
| certs = $dir/certs |
| crl_dir = $dir/crl |
| # Text database of issued/revoked certificates; CRLs are built from it. |
| database = $dir/index.txt |
| # Left commented out, so the OpenSSL default (unique subjects required |
| # among valid entries) applies. |
| #unique_subject = no |
| new_certs_dir = $dir/newcerts |
| certificate = $dir/cacert.pem |
| serial = $dir/serial |
| crlnumber = $dir/crlnumber |
| crl = $dir/crl.pem |
| # CA signing key. Whoever can read this file can issue certificates that |
| # relying parties of this CA accept; keep $dir/private restricted to the |
| # CA operator. |
| private_key = $dir/private/cakey.pem |
| RANDFILE = $dir/private/.rand |
| |
| # Extension section applied when -extensions is not given. Server |
| # certificates therefore need "-extensions ext_server"; otherwise they are |
| # issued with the clientAuth profile. |
| x509_extensions = ext_client |
| |
| name_opt = ca_default |
| cert_opt = ca_default |
| |
| # Extensions present in the request but not set by the selected extension |
| # section are copied into the certificate. The ext_* sections fix |
| # basicConstraints, keyUsage and extendedKeyUsage, but anything else (for |
| # example subjectAltName) is taken as the requester wrote it. Inspect each |
| # request before signing, or use "copy_extensions = none" when requests |
| # come from parties that are not trusted. |
| copy_extensions = copy |
| |
| # Certificate lifetime in days, and days until the next CRL is due. |
| default_days = 365 |
| default_crl_days= 30 |
| # "default" leaves the digest choice to OpenSSL for the signing key type. |
| # NOTE(review): the header says this file is for Suite B, which pairs |
| # P-256 with SHA-256 and P-384 with SHA-384 - confirm the digest that is |
| # actually used, or pass -md explicitly when signing. |
| default_md = default |
| # no: subject DN fields are ordered as in the policy section, not as in |
| # the request. |
| preserve = no |
| |
| # Subject-name policy applied unless -policy selects another section. |
| policy = policy_match |
| |
| # Default subject policy. match = must equal the CA certificate's value, |
| # supplied = must be present, optional = may be present. DN fields not |
| # listed here are dropped from the issued certificate while preserve = no; |
| # that includes localityName (prompted for in [ req_distinguished_name ]) |
| # and emailAddress (commented out below). |
| [ policy_match ] |
| countryName = match |
| stateOrProvinceName = optional |
| organizationName = match |
| organizationalUnitName = optional |
| commonName = supplied |
| #emailAddress = optional |
| |
| # Relaxed subject policy: only commonName is required and nothing has to |
| # match the CA certificate. Not referenced by CA_default; it takes effect |
| # only when chosen with "-policy policy_anything". |
| [ policy_anything ] |
| countryName = optional |
| stateOrProvinceName = optional |
| localityName = optional |
| organizationName = optional |
| organizationalUnitName = optional |
| commonName = supplied |
| #emailAddress = optional |
| |
| # Settings for "openssl req" (request and self-signed certificate creation). |
| [ req ] |
| distinguished_name = req_distinguished_name |
| attributes = req_attributes |
| # Extensions added when req creates a self-signed certificate (-x509); |
| # v3_ca is a CA profile, so this path is meant for the root certificate. |
| x509_extensions = v3_ca |
| |
| # Encode DN strings as UTF8String only. |
| string_mask = utf8only |
| |
| # Prompts, defaults and length limits for the subject DN of a request. |
| # Plain keys are the prompt text; *_default, *_min and *_max qualify them. |
| [ req_distinguished_name ] |
| countryName = Country Name (2 letter code) |
| countryName_default = FI |
| countryName_min = 2 |
| countryName_max = 2 |
| |
| localityName = Locality Name (eg, city) |
| localityName_default = Helsinki |
| |
| # The organizationName default must equal the CA certificate's value for |
| # requests signed under policy_match (organizationName = match). |
| 0.organizationName = Organization Name (eg, company) |
| 0.organizationName_default = w1.fi |
| |
| commonName = Common Name (e.g. server FQDN or YOUR name) |
| # NOTE(review): "@CN@" looks like a template marker that a generation |
| # script replaces (presumably with a commonName_default line) - confirm |
| # against the script that consumes this file. |
| #@CN@ |
| commonName_max = 64 |
| |
| # Request attributes (target of "attributes" in [ req ]); none are defined. |
| [ req_attributes ] |
| |
| # Extension profile for the CA certificate itself. |
| [ v3_ca ] |
| |
| subjectKeyIdentifier=hash |
| authorityKeyIdentifier=keyid:always,issuer |
| # Critical CA flag with pathlen:0: this CA may sign end-entity |
| # certificates, but no subordinate CA below it is accepted in a chain. |
| basicConstraints = critical, CA:true, pathlen:0 |
| # Key restricted to signing certificates and CRLs. |
| keyUsage = critical, cRLSign, keyCertSign |
| |
| # CRL extension profile. CA_default has no crl_extensions key, so this |
| # section is applied only when named explicitly (-crlexts crl_ext); |
| # without it the generated CRL carries no extensions. |
| [ crl_ext ] |
| |
| # issuerAltName=issuer:copy |
| authorityKeyIdentifier=keyid:always |
| |
| # End-entity profile for TLS client certificates; also the default profile |
| # of CA_default (x509_extensions = ext_client). |
| [ ext_client ] |
| |
| # Not marked critical here, unlike the same extensions in [ ext_server ]. |
| basicConstraints=CA:FALSE |
| subjectKeyIdentifier=hash |
| authorityKeyIdentifier=keyid,issuer |
| # NOTE(review): "@ALTNAME@" looks like a template marker that a generation |
| # script replaces (presumably with a subjectAltName line) - confirm. |
| #@ALTNAME@ |
| extendedKeyUsage = clientAuth |
| # NOTE(review): keyEncipherment describes RSA key transport. If the keys |
| # issued under ./ec-ca are EC keys, as the directory name suggests, this |
| # bit has no meaning for them and RFC 8813 says it must not be asserted - |
| # confirm the key type before relying on this profile. |
| keyUsage = digitalSignature, keyEncipherment |
| |
| # End-entity profile for TLS server certificates. Must be selected with |
| # "-extensions ext_server"; CA_default otherwise applies ext_client and |
| # the certificate carries clientAuth instead of serverAuth. |
| [ ext_server ] |
| |
| basicConstraints=critical, CA:FALSE |
| subjectKeyIdentifier=hash |
| authorityKeyIdentifier=keyid,issuer |
| # NOTE(review): "@ALTNAME@" looks like a template marker that a generation |
| # script replaces (presumably with a subjectAltName line) - confirm. With |
| # copy_extensions = copy in CA_default, a subjectAltName in the request is |
| # copied when this section does not set one. |
| #@ALTNAME@ |
| # Critical: verifiers that honour EKU must reject use for other purposes. |
| extendedKeyUsage = critical, serverAuth |
| # NOTE(review): keyEncipherment describes RSA key transport. If the keys |
| # issued under ./ec-ca are EC keys, as the directory name suggests, this |
| # bit has no meaning for them and RFC 8813 says it must not be asserted - |
| # confirm the key type before relying on this profile. |
| keyUsage = digitalSignature, keyEncipherment |