test/ca-and-certs.cnf

   1
   2 CN2 = Brother 2
   3
   4 ####################################################################
   5 [ req ]
   6 default_bits            = 2048
   7 default_keyfile         = keySS.pem
   8 distinguished_name      = req_distinguished_name
   9 encrypt_rsa_key         = no
  10 default_md              = sha1
  11
  12 [ req_distinguished_name ]
  13 countryName                     = Country Name (2 letter code)
  14 countryName_value               = AU
  15 organizationName                = Organization Name (eg, company)
  16 organizationName_value          = Dodgy Brothers
  17 commonName                      = Common Name (eg, YOUR name)
  18 commonName_value                = Dodgy CA
  19
  20 ####################################################################
  21 [ userreq ]
  22 default_bits            = 2048
  23 default_keyfile         = keySS.pem
  24 distinguished_name      = user_dn
  25 encrypt_rsa_key         = no
  26 default_md              = sha256
  27 prompt                  = no
  28
  29 [ user_dn ]
  30 countryName             = AU
  31 organizationName        = Dodgy Brothers
  32 0.commonName            = Brother 1
  33 1.commonName            = $ENV::CN2
  34
  35 [ v3_ee ]
  36 subjectKeyIdentifier    = hash
  37 authorityKeyIdentifier  = keyid,issuer:always
  38 basicConstraints        = CA:false
  39 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
  40
  41 [ v3_ee_dsa ]
  42 subjectKeyIdentifier    = hash
  43 authorityKeyIdentifier  = keyid:always
  44 basicConstraints        = CA:false
  45 keyUsage                = nonRepudiation, digitalSignature
  46
  47 [ v3_ee_ec ]
  48 subjectKeyIdentifier    = hash
  49 authorityKeyIdentifier  = keyid:always
  50 basicConstraints        = CA:false
  51 keyUsage                = nonRepudiation, digitalSignature, keyAgreement
  52
  53 ####################################################################
  54 [ ca ]
  55 default_ca      = CA_default
  56
  57 [ CA_default ]
  58 dir             = ./demoCA
  59 certs           = $dir/certs
  60 crl_dir         = $dir/crl
  61 database        = $dir/index.txt
  62 new_certs_dir   = $dir/newcerts
  63 certificate     = $dir/cacert.pem
  64 serial          = $dir/serial
  65 crl             = $dir/crl.pem
  66 private_key     = $dir/private/cakey.pem
  67 x509_extensions = v3_ca
  68 name_opt        = ca_default
  69 cert_opt        = ca_default
  70 default_days    = 365
  71 default_crl_days= 30
  72 default_md      = sha1
  73 preserve        = no
  74 policy          = policy_anything
  75
  76 [ policy_anything ]
  77 countryName             = optional
  78 stateOrProvinceName     = optional
  79 localityName            = optional
  80 organizationName        = optional
  81 organizationalUnitName  = optional
  82 commonName              = supplied
  83 emailAddress            = optional
  84
  85 [ v3_ca ]
  86 subjectKeyIdentifier    = hash
  87 authorityKeyIdentifier  = keyid:always,issuer:always
  88 basicConstraints        = critical,CA:true,pathlen:1
  89 keyUsage                = cRLSign, keyCertSign
  90 issuerAltName           = issuer:copy