OLD | NEW |
(Empty) | |
| 1 ID=1 |
| 2 CA_DIR=out |
| 3 |
| 4 [ca] |
| 5 default_ca = ca_settings |
| 6 preserve = yes |
| 7 |
| 8 [ca_settings] |
| 9 dir = ${ENV::CA_DIR} |
| 10 database = $dir/${ENV::ID}-index.txt |
| 11 new_certs_dir = $dir |
| 12 serial = $dir/${ENV::ID}-serial |
| 13 certificate = $dir/${ENV::ID}.pem |
| 14 private_key = $dir/${ENV::ID}.key |
| 15 RANDFILE = $dir/rand |
| 16 default_md = sha1 |
| 17 default_days = 3650 |
| 18 policy = policy_anything |
| 19 unique_subject = no |
| 20 copy_extensions = copy |
| 21 |
| 22 [policy_anything] |
| 23 # Default signing policy |
| 24 countryName = optional |
| 25 stateOrProvinceName = optional |
| 26 localityName = optional |
| 27 organizationName = optional |
| 28 organizationalUnitName = optional |
| 29 commonName = optional |
| 30 emailAddress = optional |
| 31 |
| 32 [req] |
| 33 default_bits = 2048 |
| 34 default_md = sha1 |
| 35 string_mask = utf8only |
| 36 prompt = no |
| 37 encrypt_key = no |
| 38 distinguished_name = req_env_dn |
| 39 |
| 40 [user_cert] |
| 41 # Extensions to add when signing a request for an EE cert |
| 42 basicConstraints = critical, CA:false |
| 43 extendedKeyUsage = serverAuth,clientAuth |
| 44 |
| 45 [ca_cert] |
| 46 # Extensions to add when signing a request for an intermediate/CA cert |
| 47 basicConstraints = critical, CA:true |
| 48 keyUsage = critical, keyCertSign, cRLSign |
| 49 |
| 50 [req_env_dn] |
| 51 CN = ${ENV::COMMON_NAME} |
OLD | NEW |