1 RANDFILE = %(basedir)s/.random
4 default_ca = CA_default
8 certs = $dir/public/certs
9 crl_dir = $dir/public/crl
10 crl = $dir/public/crl.pem
11 crlnumber = $dir/crlnumber
14 new_certs_dir = $dir/newcerts
15 certificate = $dir/public/ca.pem
16 private_key = $dir/private/ca.key
17 x509_extensions = certificate_extensions
19 default_days = %(default_days)s
26 countryName = supplied
27 organizationName = supplied
28 organizationalUnitName = optional
30 emailAddress = supplied
33 countryName = optional
34 organizationName = optional
35 organizationalUnitName = optional
37 emailAddress = optional
40 default_bits = %(bits)s
42 distinguished_name = req_distinguished_name
43 attributes = req_attributes
44 x509_extensions = v3_ca
47 [ req_distinguished_name ]
48 countryName = Country Name
49 countryName_default = "%(country)s"
52 0.organizationName = Organization Name
53 0.organizationName_default = "%(org)s"
54 organizationalUnitName = Organizational Unit Name
55 organizationalUnitName_default = "%(ou)s"
56 commonName = Common Name
58 commonName_default = "%(cn)s"
59 emailAddress = Email Address
61 emailAddress_default = "%(email)s"
62 SET-ex3 = SET extension number 3
66 [ certificate_extensions ]
69 subjectKeyIdentifier = hash
70 authorityKeyIdentifier = keyid:always,issuer:always
71 basicConstraints = critical, CA:true
72 keyUsage = cRLSign, keyCertSign
73 nsCertType = sslCA, emailCA, objCA
75 subjectAltName = email:copy
76 issuerAltName = issuer:copy