2 # SSLeay example configuration file.
3 # This is mostly being used for generation of certificate requests.
# Both paths below are built from the HOME environment variable, so they
# resolve differently when the tool runs under another account or a
# sanitised environment.
# RANDFILE is presumably the random-number seed/state file (a later entry
# calls its counterpart a "private random number file"); keep it readable
# and writable by its owner only.
6 RANDFILE = $ENV::HOME/.rnd
# oid_file names a per-user file of extra object identifier definitions.
# NOTE(review): its format and the behaviour when it is missing are not shown here.
7 oid_file = $ENV::HOME/.oid
9 ####################################################################
# Points the CA tooling at the group of settings that follows.
# NOTE(review): the gutter numbers skip lines, and the section headers for
# this key and for the settings below are not visible in this listing.
11 default_ca = CA_default # The default ca section
13 ####################################################################
# Every CA path below hangs off $dir, which is relative: the files are
# found only when the tool is run from the directory containing demoCA.
16 dir = ./demoCA # Where everything is kept
17 certs = $dir/certs # Where the issued certs are kept
18 crl_dir = $dir/crl # Where the issued crl are kept
19 database = $dir/index.txt # database index file.
20 new_certs_dir = $dir/newcerts # default place for new certs.
22 certificate = $dir/cacert.pem # The CA certificate
23 serial = $dir/serial # The current serial number
24 crl = $dir/crl.pem # The current CRL
# CA signing key: whoever can read (and, if it is encrypted, decrypt) this
# file can issue certificates under this CA. Restrict $dir/private to the
# CA operator account.
25 private_key = $dir/private/cakey.pem# The private key
# Same key name as the RANDFILE entry near the top of the file, with a
# different path. NOTE(review): no section header separates the two in this
# listing; confirm they sit in different sections in the real file.
26 RANDFILE = $dir/private/.rand # private random number file
# Names the extension section applied to issued certificates; a section
# called x509v3_extensions appears later in this file.
28 x509_extensions = x509v3_extensions # The extentions to add to the cert
29 default_days = 365 # how long to certify for
30 default_crl_days= 30 # how long before next CRL
# NOTE(review): md5 is not collision-resistant and is unsuitable for signing
# certificates or CRLs. Where the toolkit in use supports it, set a SHA-2
# digest (for example sha256) instead.
31 default_md = md5 # which md to use.
32 preserve = no # keep passed DN ordering
34 # A few different ways of specifying how similar the request should look
35 # For type CA, the listed attributes must be the same, and the optional
36 # and supplied fields are just that :-)
# Subject-field rules for requests signed under the CA policy. Per the
# comment above, fields marked 'match' must be the same as the CA's own, and
# 'optional' fields may be absent.
# NOTE(review): the header of this policy section and several gutter lines
# around these entries are not visible in this listing, so the full rule set
# cannot be checked from here.
42 stateOrProvinceName = match
43 organizationName = match
44 organizationalUnitName = optional
46 emailAddress = optional
48 # For the 'anything' policy
49 # At this point in time, you must list all acceptable 'object'
# Entries of the 'anything' policy named in the comment above. Every field
# visible here is 'optional', so this policy puts no constraint on those
# subject fields; choose it only where the subject of each request is
# vetted by other means before signing.
# NOTE(review): the section header and at least one gutter line (57) are not
# visible in this listing.
52 countryName = optional
53 stateOrProvinceName = optional
54 localityName = optional
55 organizationName = optional
56 organizationalUnitName = optional
58 emailAddress = optional
60 ####################################################################
# Settings for generating certificate requests.
# NOTE(review): the section header and any key-size setting are not visible
# in this listing; confirm the key size against current requirements.
# default_keyfile is a relative path, so the new private key presumably lands
# in the current working directory. Check that directory's permissions and
# whether the key is passphrase-protected.
63 default_keyfile = privkey.pem
# Section that supplies the subject prompts; it appears later in this file.
64 distinguished_name = req_distinguished_name
# Section that supplies request attributes; its header is not visible in this listing.
65 attributes = req_attributes
# Subject prompts for certificate requests. From the entries below, the
# pattern is `field = prompt text` with an optional `field_default = value`.
# The defaults shipped here (AU, Some-State, Internet Widgits Pty Ltd) are
# placeholders: replace them so that requests do not carry sample identity data.
67 [ req_distinguished_name ]
68 countryName = Country Name (2 letter code)
69 countryName_default = AU
73 stateOrProvinceName = State or Province Name (full name)
74 stateOrProvinceName_default = Some-State
76 localityName = Locality Name (eg, city)
# The numeric prefix lets the same field name be listed more than once; the
# commented-out 1.organizationName lines below show a second instance.
78 0.organizationName = Organization Name (eg, company)
79 0.organizationName_default = Internet Widgits Pty Ltd
81 # we can do this but it is not needed normally :-)
82 #1.organizationName = Second Organization Name (eg, company)
83 #1.organizationName_default = CryptSoft Pty Ltd
85 organizationalUnitName = Organizational Unit Name (eg, section)
86 #organizationalUnitName_default =
88 commonName = Common Name (eg, YOUR name)
91 emailAddress = Email Address
94 SET-ex3 = SET extension number 3
# NOTE(review): the entries from here on look like request attributes rather
# than subject fields. They presumably belong to the section named by
# `attributes = req_attributes`, whose header is not visible in this listing.
# A challenge password travels inside the request as an attribute and does
# not protect the private key, so never enter a credential that is used elsewhere.
97 challengePassword = A challenge password
# Presumably the minimum and maximum accepted length of the entered value.
98 challengePassword_min = 4
99 challengePassword_max = 20
101 unstructuredName = An optional company name
103 [ x509v3_extensions ]
105 nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
106 nsComment = "This is a comment"
108 # under ASN.1, the 0 bit would be encoded as 80