| 1 |
|
|---|
| 2 | ####################################################################
|
|---|
| 3 | [ ca ]
|
|---|
| 4 | default_ca = CA_default # The default ca section
|
|---|
| 5 |
|
|---|
| 6 | ####################################################################
|
|---|
| 7 | [ CA_default ]
|
|---|
| 8 |
|
|---|
| 9 | dir = ./demoCA # Where everything is kept
|
|---|
| 10 | certs = $dir/certs # Where the issued certs are kept
|
|---|
| 11 | crl_dir = $dir/crl # Where the issued crl are kept
|
|---|
| 12 | database = $dir/index.txt # database index file.
|
|---|
| 13 | new_certs_dir = $dir/new_certs # default place for new certs.
|
|---|
| 14 |
|
|---|
| 15 | certificate = $dir/CAcert.pem # The CA certificate
|
|---|
| 16 | serial = $dir/serial # The current serial number
|
|---|
| 17 | crl = $dir/crl.pem # The current CRL
|
|---|
| 18 | private_key = $dir/private/CAkey.pem# The private key
|
|---|
| 19 |
|
|---|
| 20 | default_days = 365 # how long to certify for
|
|---|
| 21 | default_crl_days= 30 # how long before next CRL
|
|---|
| 22 | default_md = md5 # which md to use.
|
|---|
| 23 |
|
|---|
| 24 | # A few difference way of specifying how similar the request should look
|
|---|
| 25 | # For type CA, the listed attributes must be the same, and the optional
|
|---|
| 26 | # and supplied fields are just that :-)
|
|---|
| 27 | policy = policy_match
|
|---|
| 28 |
|
|---|
| 29 | # For the CA policy
|
|---|
| 30 | [ policy_match ]
|
|---|
| 31 | countryName = match
|
|---|
| 32 | stateOrProvinceName = match
|
|---|
| 33 | organizationName = match
|
|---|
| 34 | organizationalUnitName = optional
|
|---|
| 35 | commonName = supplied
|
|---|
| 36 | emailAddress = optional
|
|---|
| 37 |
|
|---|
| 38 | # For the 'anything' policy
|
|---|
| 39 | # At this point in time, you must list all acceptable 'object'
|
|---|
| 40 | # types.
|
|---|
| 41 | [ policy_anything ]
|
|---|
| 42 | countryName = optional
|
|---|
| 43 | stateOrProvinceName = optional
|
|---|
| 44 | localityName = optional
|
|---|
| 45 | organizationName = optional
|
|---|
| 46 | organizationalUnitName = optional
|
|---|
| 47 | commonName = supplied
|
|---|
| 48 | emailAddress = optional
|
|---|
| 49 |
|
|---|
| 50 | ####################################################################
|
|---|
| 51 | [ req ]
|
|---|
| 52 | distinguished_name = req_distinguished_name
|
|---|
| 53 | encrypt_rsa_key = no
|
|---|
| 54 |
|
|---|
| 55 | # Make altreq be identical to req
|
|---|
| 56 | [ altreq ]
|
|---|
| 57 | distinguished_name = req_distinguished_name
|
|---|
| 58 | encrypt_rsa_key = no
|
|---|
| 59 |
|
|---|
| 60 | [ req_distinguished_name ]
|
|---|
| 61 | countryName = C field
|
|---|
| 62 | countryName_value = AU
|
|---|
| 63 | stateOrProvinceName = SP field
|
|---|
| 64 | stateOrProvinceName_value =
|
|---|
| 65 | localityName = L field
|
|---|
| 66 | localityName_value = Brisbane
|
|---|
| 67 | organizationName = O field
|
|---|
| 68 | organizationName_value = CryptSoft Pty Ltd
|
|---|
| 69 | organizationalUnitName = OU field
|
|---|
| 70 | organizationalUnitName_value = .
|
|---|
| 71 | commonName = CN field
|
|---|
| 72 | commonName_value = Eric Young
|
|---|
| 73 | emailAddress = email field
|
|---|
| 74 | emailAddress_value = eay@mincom.oz.au
|
|---|
