4 ####################################################################
7 default_keyfile = keySS.pem
8 distinguished_name = req_distinguished_name
12 [ req_distinguished_name ]
13 countryName = Country Name (2 letter code)
14 countryName_value = AU
15 organizationName = Organization Name (eg, company)
16 organizationName_value = Dodgy Brothers
17 commonName = Common Name (eg, YOUR name)
18 commonName_value = Dodgy CA
20 ####################################################################
23 default_keyfile = keySS.pem
24 distinguished_name = user_dn
31 organizationName = Dodgy Brothers
32 0.commonName = Brother 1
33 1.commonName = $ENV::CN2
36 subjectKeyIdentifier = hash
37 authorityKeyIdentifier = keyid,issuer:always
38 basicConstraints = CA:false
39 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
42 subjectKeyIdentifier = hash
43 authorityKeyIdentifier = keyid:always
44 basicConstraints = CA:false
45 keyUsage = nonRepudiation, digitalSignature
48 subjectKeyIdentifier = hash
49 authorityKeyIdentifier = keyid:always
50 basicConstraints = CA:false
51 keyUsage = nonRepudiation, digitalSignature, keyAgreement
53 ####################################################################
55 default_ca = CA_default
61 database = $dir/index.txt
62 new_certs_dir = $dir/newcerts
63 certificate = $dir/cacert.pem
66 private_key = $dir/private/cakey.pem
67 x509_extensions = v3_ca
74 policy = policy_anything
77 countryName = optional
78 stateOrProvinceName = optional
79 localityName = optional
80 organizationName = optional
81 organizationalUnitName = optional
83 emailAddress = optional
86 subjectKeyIdentifier = hash
87 authorityKeyIdentifier = keyid:always,issuer:always
88 basicConstraints = critical,CA:true,pathlen:1
89 keyUsage = cRLSign, keyCertSign
90 issuerAltName = issuer:copy