1 ####################################################################
3 default_ca = CA_default # The default ca section
5 ####################################################################
8 dir = ./demoCA # Where everything is kept
9 certs = $dir/certs # Where the issued certs are kept
10 database = $dir/index.txt # database index file.
11 unique_subject = no # Set to 'no' to allow creation of
12 # several certificates with same subject.
13 new_certs_dir = $dir/newcerts # default place for new certs.
15 certificate = $dir/cacert.pem # The CA certificate
16 serial = $dir/serial # The current serial number
17 RANDFILE = $dir/private/.rand # private random number file
19 # Extension copying option: use with caution.
20 # copy_extensions = copy
22 default_days = 365 # how long to certify for
23 default_crl_days= 30 # how long before next CRL
24 default_md = default # use public key default MD
25 preserve = no # keep passed DN ordering
28 countryName = optional
29 stateOrProvinceName = optional
30 localityName = optional
31 organizationName = optional
32 organizationalUnitName = optional
34 emailAddress = optional
39 # Extensions for a typical CA
40 # PKIX recommendation.
42 subjectKeyIdentifier=hash
43 authorityKeyIdentifier=keyid:always,issuer
44 basicConstraints = critical,CA:true