cam/templates/openssl_config

   1 RANDFILE = ${ENV::CAROOT}/.random
   2
   3 [ ca ]
   4 default_ca              = CA_default
   5
   6 [ CA_default ]
   7 dir                     = ${ENV::CAROOT}
   8 certs                   = $dir/public/certs
   9 crl_dir                 = $dir/public/crl
  10 crl                     = $dir/public/crl.pem
  11 crlnumber               = $dir/crlnumber
  12 database                = $dir/index
  13 serial                  = $dir/serial
  14 new_certs_dir           = $dir/newcerts
  15 certificate             = $dir/public/ca.pem
  16 private_key             = $dir/private/ca.key
  17 x509_extensions         = certificate_extensions
  18 email_in_dn             = no
  19 default_days            = %(default_days)s
  20 default_crl_days        = 31
  21 default_md              = sha1
  22 preserve                = yes
  23 policy                  = policy_match
  24
  25 [ policy_match ]
  26 countryName             = supplied
  27 organizationName        = supplied
  28 organizationalUnitName  = optional
  29 commonName              = supplied
  30 emailAddress            = optional
  31
  32 [ policy_anything ]
  33 countryName             = optional
  34 organizationName        = optional
  35 organizationalUnitName  = optional
  36 commonName              = supplied
  37 emailAddress            = optional
  38
  39 [ req ]
  40 default_bits            = %(bits)s
  41 default_md              = sha1
  42 distinguished_name      = req_distinguished_name
  43 attributes              = req_attributes
  44 x509_extensions         = v3_ca
  45 string_mask             = nombstr
  46
  47 [ req_distinguished_name ]
  48 countryName                     = Country Name
  49 countryName_default             = "%(country)s"
  50 countryName_min                 = 2
  51 countryName_max                 = 2
  52 0.organizationName              = Organization Name
  53 0.organizationName_default      = "%(org)s"
  54 organizationalUnitName          = Organizational Unit Name
  55 organizationalUnitName_default  = "%(ou)s"
  56 commonName                      = Common Name
  57 commonName_max                  = 64
  58 commonName_default              = "%(cn)s"
  59 SET-ex3                         = SET extension number 3
  60
  61 [ req_attributes ]
  62
  63 [ certificate_extensions ]
  64
  65 [ v3_ca ]
  66 subjectKeyIdentifier    = hash
  67 authorityKeyIdentifier  = keyid:always,issuer:always
  68 basicConstraints        = critical, CA:true
  69 keyUsage                = cRLSign, keyCertSign
  70 nsCertType              = sslCA, emailCA, objCA
  71 nsComment               = "%(cn)s"
  72 subjectAltName          = @ca_alt_name
  73 issuerAltName           = issuer:copy
  74
  75 [ ca_alt_name ]
  76 email = "%(email)s"