upgrade to CAM v2.0
[stack/cam.git] / cam / templates / openssl_config
1 RANDFILE = %(basedir)s/.random
2
3 [ ca ]
4 default_ca              = CA_default
5
6 [ CA_default ]
7 dir                     = %(basedir)s
8 certs                   = $dir/public/certs
9 crl_dir                 = $dir/public/crl
10 crl                     = $dir/public/crl.pem
11 crlnumber               = $dir/crlnumber
12 database                = $dir/index
13 serial                  = $dir/serial
14 new_certs_dir           = $dir/newcerts
15 certificate             = $dir/public/ca.pem
16 private_key             = $dir/private/ca.key
17 x509_extensions         = certificate_extensions
18 email_in_dn             = no
19 default_days            = %(default_days)s
20 default_crl_days        = 31
21 default_md              = sha1
22 preserve                = yes
23 policy                  = policy_match
24
25 [ policy_match ]
26 countryName             = supplied
27 organizationName        = supplied
28 organizationalUnitName  = optional
29 commonName              = supplied
30 emailAddress            = supplied
31
32 [ policy_anything ]
33 countryName             = optional
34 organizationName        = optional
35 organizationalUnitName  = optional
36 commonName              = supplied
37 emailAddress            = optional
38
39 [ req ]
40 default_bits            = %(bits)s
41 default_md              = sha1
42 distinguished_name      = req_distinguished_name
43 attributes              = req_attributes
44 x509_extensions         = v3_ca
45 string_mask             = nombstr
46
47 [ req_distinguished_name ]
48 countryName                     = Country Name
49 countryName_default             = "%(country)s"
50 countryName_min                 = 2
51 countryName_max                 = 2
52 0.organizationName              = Organization Name
53 0.organizationName_default      = "%(org)s"
54 organizationalUnitName          = Organizational Unit Name
55 organizationalUnitName_default  = "%(ou)s"
56 commonName                      = Common Name
57 commonName_max                  = 64
58 commonName_default              = "%(cn)s"
59 emailAddress                    = Email Address
60 emailAddress_max                = 60
61 emailAddress_default            = "%(email)s"
62 SET-ex3                         = SET extension number 3
63
64 [ req_attributes ]
65
66 [ certificate_extensions ]
67
68 [ v3_ca ]
69 subjectKeyIdentifier    = hash
70 authorityKeyIdentifier  = keyid:always,issuer:always
71 basicConstraints        = critical, CA:true
72 keyUsage                = cRLSign, keyCertSign
73 nsCertType              = sslCA, emailCA, objCA
74 nsComment               = "%(cn)s"
75 subjectAltName          = email:copy
76 issuerAltName           = issuer:copy
77