keys/selfsign.config

   1 [req]
   2 distinguished_name=dn
   3 #req_extensions=ext
   4
   5 [dn]
   6 commonName = cn
   7
   8 [ext]
   9 subjectAltName=
  10
  11 [ca]
  12 default_ca=ca1
  13
  14 [ca1]
  15 new_certs_dir=testca/newcerts
  16 database=testca/db
  17 serial=testca/serial
  18 default_md=sha256
  19 email_in_dn=salat
  20 policy=ca1_pol
  21 #default_days=365
  22 x509_extensions = v3_ca
  23
  24
  25
  26 [ v3_ca ]
  27
  28 basicConstraints        = critical, CA:FALSE
  29 keyUsage                = critical, digitalSignature, keyEncipherment, keyAgreement
  30 extendedKeyUsage        = clientAuth, serverAuth, nsSGC, msSGC
  31
  32
  33 [ca1_pol]
  34 commonName              = optional
  35 subjectAltName          = optional