2 # SSLeay example configuration file.
3 # This is mostly being used for generation of certificate requests.
# Random number file used by the tool. $ENV::HOME takes the directory from
# the HOME environment variable of whoever runs the command, so the file
# ends up per-user; it should not be shared or world-readable.
6 RANDFILE = $ENV::HOME/.rnd
8 ####################################################################
# NOTE(review): the gutter numbers skip from 8 to 10, so the section header
# this key sits under is not visible in this listing.
# The value names the section that holds the CA settings.
10 default_ca = CA_default # The default ca section
12 ####################################################################
# CA settings: where the CA keeps its state and how it signs.
# NOTE(review): the header of this section is not visible in this listing
# (the gutter skips 13-14); presumably it is the section named by
# default_ca -- confirm against the full file.
#
# Every path below is built from $dir. ./demoCA is a relative path, so which
# tree is used depends on the directory the command is started from; a real
# CA would normally pin this to an absolute, access-controlled location.
15 dir = ./demoCA # Where everything is kept
16 certs = $dir/certs # Where the issued certs are kept
17 crl_dir = $dir/crl # Where the issued crl are kept
18 database = $dir/index.txt # database index file.
19 new_certs_dir = $dir/newcerts # default place for new certs.
21 certificate = $dir/cacert.pem # The CA certificate
22 serial = $dir/serial # The current serial number
23 crl = $dir/crl.pem # The current CRL
# CA signing key: anyone who can read this file can issue certificates as
# this CA. Keep $dir/private restricted to the CA operator account.
24 private_key = $dir/private/cakey.pem# The private key
25 RANDFILE = $dir/private/.rand # private random number file
# Names the section whose extensions are added to each certificate issued.
27 x509_extensions = x509v3_extensions # The extentions to add to the cert
# Both lifetimes are in days, as the key names say.
28 default_days = 365 # how long to certify for
29 default_crl_days= 30 # how long before next CRL
# NOTE(review): MD5 is collision-broken and must not be used for certificate
# signatures; use a SHA-2 digest (e.g. sha256) where the toolkit reading
# this file supports it.
30 default_md = md5 # which md to use.
31 preserve = no # keep passed DN ordering
33 # A few different ways of specifying how similar the request should look
34 # For type CA, the listed attributes must be the same, and the optional
35 # and supplied fields are just that :-)
# NOTE(review): the header of this policy section and some of its keys are
# not visible in this listing (the gutter skips 36-40 and 44).
# Per the comment above: a 'match' attribute must be the same as the CA's
# (presumably the CA certificate's own subject -- confirm); an 'optional'
# attribute may be present or absent in the request.
41 stateOrProvinceName = match
42 organizationName = match
43 organizationalUnitName = optional
45 emailAddress = optional
47 # For the 'anything' policy
48 # At this point in time, you must list all acceptable 'object'
# NOTE(review): the header of this section is not visible in this listing
# (the gutter skips 49-50 and 56); the comment above calls it the
# 'anything' policy.
# Every field shown here is 'optional', so none of them ties the subject
# name in a request to the CA's own. Select this policy deliberately, not
# as a default.
51 countryName = optional
52 stateOrProvinceName = optional
53 localityName = optional
54 organizationName = optional
55 organizationalUnitName = optional
57 emailAddress = optional
59 ####################################################################
# Certificate request settings.
# NOTE(review): the header of this section is not visible in this listing
# (the gutter skips 60-61).
# Default file name for the private key. It is a bare relative name, so the
# key presumably lands in the working directory -- make sure that location
# and the file's permissions are suitable for a private key.
62 default_keyfile = privkey.pem
# Name of the section that defines the subject-name prompts.
63 distinguished_name = req_distinguished_name
# Name of the section that defines the request attributes; no header with
# this name is visible in this listing.
64 attributes = req_attributes
# Subject-name prompts for a certificate request; this is the section the
# distinguished_name key points at.
# Pattern used below: 'field = prompt text', 'field_default = value offered
# as the default', 'field_min' / 'field_max' = length bounds.
66 [ req_distinguished_name ]
67 countryName = Country Name (2 letter code)
68 countryName_default = AU
72 stateOrProvinceName = State or Province Name (full name)
73 stateOrProvinceName_default = Some-State
75 localityName = Locality Name (eg, city)
# A numeric prefix (0., 1., ...) lets the same field be asked for more than
# once, as the commented-out second organizationName shows.
77 0.organizationName = Organization Name (eg, company)
78 0.organizationName_default = Internet Widgits Pty Ltd
80 # we can do this but it is not needed normally :-)
81 #1.organizationName = Second Organization Name (eg, company)
82 #1.organizationName_default = CryptSoft Pty Ltd
84 organizationalUnitName = Organizational Unit Name (eg, section)
85 #organizationalUnitName_default =
87 commonName = Common Name (eg, YOUR name)
90 emailAddress = Email Address
# NOTE(review): the gutter skips 91-93 here; the keys below look like request
# attributes rather than subject-name fields and probably sit under the
# section named by 'attributes' -- confirm against the full file.
# A challenge password is carried in the request as a plain attribute, not
# encrypted, so it must never be a password that is used anywhere else.
# The 4-character minimum is a length check only, not a strength check.
94 challengePassword = A challenge password
95 challengePassword_min = 4
96 challengePassword_max = 20
98 unstructuredName = An optional company name
# Extensions added to issued certificates; this is the section the
# x509_extensions key points at. The values here are example data and
# should be replaced before any certificate is issued from this file.
100 [ x509v3_extensions ]
# URL where the CA's revocation list is published. It is plain http://, so
# a client must rely on the CRL's own signature and not on the transport.
102 nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
# Free-text comment placed in the certificate; do not put anything
# sensitive here.
103 nsComment = "This is a comment"
105 # under ASN.1, the 0 bit would be encoded as 80