cam/templates/openssl_config

   1 RANDFILE = ${ENV::CAROOT}/.random
   2
   3 [ ca ]
   4 default_ca              = CA_default
   5 unique_subject          = no
   6
   7 [ CA_default ]
   8 dir                     = ${ENV::CAROOT}
   9 certs                   = $dir/public/certs
  10 crl_dir                 = $dir/public/crl
  11 crl                     = $dir/public/crl.pem
  12 crlnumber               = $dir/crlnumber
  13 database                = $dir/index
  14 serial                  = $dir/serial
  15 new_certs_dir           = $dir/newcerts
  16 certificate             = $dir/public/ca.pem
  17 private_key             = $dir/private/ca.key
  18 x509_extensions         = certificate_extensions
  19 email_in_dn             = no
  20 default_days            = %(default_days)s
  21 default_crl_days        = 31
  22 default_md              = sha1
  23 preserve                = yes
  24 policy                  = policy_match
  25
  26 [ policy_match ]
  27 countryName             = supplied
  28 organizationName        = supplied
  29 organizationalUnitName  = optional
  30 commonName              = supplied
  31 emailAddress            = optional
  32
  33 [ policy_anything ]
  34 countryName             = optional
  35 organizationName        = optional
  36 organizationalUnitName  = optional
  37 commonName              = supplied
  38 emailAddress            = optional
  39
  40 [ req ]
  41 default_bits            = %(bits)s
  42 default_md              = sha1
  43 distinguished_name      = req_distinguished_name
  44 attributes              = req_attributes
  45 x509_extensions         = v3_ca
  46 string_mask             = nombstr
  47
  48 [ req_distinguished_name ]
  49 countryName                     = Country Name
  50 countryName_default             = "%(country)s"
  51 countryName_min                 = 2
  52 countryName_max                 = 2
  53 0.organizationName              = Organization Name
  54 0.organizationName_default      = "%(org)s"
  55 organizationalUnitName          = Organizational Unit Name
  56 organizationalUnitName_default  = "%(ou)s"
  57 commonName                      = Common Name
  58 commonName_max                  = 64
  59 commonName_default              = "%(cn)s"
  60 SET-ex3                         = SET extension number 3
  61
  62 [ req_attributes ]
  63
  64 [ certificate_extensions ]
  65
  66 [ v3_ca ]
  67 subjectKeyIdentifier    = hash
  68 authorityKeyIdentifier  = keyid:always,issuer:always
  69 basicConstraints        = critical, CA:true
  70 keyUsage                = cRLSign, keyCertSign
  71 nsCertType              = sslCA, emailCA, objCA
  72 nsComment               = "%(cn)s"
  73 subjectAltName          = @ca_alt_name
  74 issuerAltName           = issuer:copy
  75
  76 [ ca_alt_name ]
  77 email = "%(email)s"