2 openssl_conf_template = '''
3 RANDFILE = %(ca_dir)s/.random
6 default_ca = CA_default
10 certs = $dir/public/certs
11 crl_dir = $dir/public/crl
12 crl = $dir/public/crl.pem
15 new_certs_dir = $dir/newcerts
16 certificate = $dir/public/ca.pem
17 private_key = $dir/private/ca.key
18 x509_extensions = certificate_extensions
20 default_days = %(default_days)s
27 countryName = supplied
28 organizationName = supplied
29 organizationalUnitName = optional
31 emailAddress = supplied
34 countryName = optional
35 organizationName = optional
36 organizationalUnitName = optional
38 emailAddress = optional
43 distinguished_name = req_distinguished_name
44 attributes = req_attributes
45 x509_extensions = v3_ca
48 [ req_distinguished_name ]
49 countryName = Country Name
50 countryName_default = "%(country)s"
53 0.organizationName = Organization Name
54 0.organizationName_default = "%(org)s"
55 organizationalUnitName = Organizational Unit Name
56 organizationalUnitName_default = "%(ou)s"
57 commonName = Common Name
59 commonName_default = "%(cn)s"
60 emailAddress = Email Address
62 emailAddress_default = "%(email)s"
63 SET-ex3 = SET extension number 3
67 [ certificate_extensions ]
70 subjectKeyIdentifier = hash
71 authorityKeyIdentifier = keyid:always,issuer:always
72 basicConstraints = critical, CA:true
73 keyUsage = cRLSign, keyCertSign
74 nsCertType = sslCA, emailCA, objCA
76 subjectAltName = email:copy
77 issuerAltName = issuer:copy
82 basicConstraints = CA:false
83 nsCertType = client, server
84 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
85 extendedKeyUsage = clientAuth, serverAuth
86 nsComment = "%(ca_name)s"
87 subjectKeyIdentifier = hash
88 authorityKeyIdentifier = keyid, issuer:always
89 subjectAltName = @subject_alt_name
90 issuerAltName = issuer:copy
91 nsCaRevocationUrl = %(ca_base_url)s/crl.pem
92 nsRevocationUrl = %(ca_base_url)s/crl.pem
93 crlDistributionPoints = @cdp_section
100 URI.1 = %(ca_base_url)s/crl.pem
v.licheni.net / stack / cam.git / blob