modules/cassiopeia/mkcassiopeia-openssl.cnf

   1 ####################################################################
   2 [ ca ]
   3 default_ca      = CA_default            # The default ca section
   4
   5 ####################################################################
   6 [ CA_default ]
   7
   8 dir             = ./demoCA              # Where everything is kept
   9 certs           = $dir/certs            # Where the issued certs are kept
  10 database        = $dir/index.txt        # database index file.
  11 unique_subject = no                     # Set to 'no' to allow creation of
  12                                         # several certificates with same subject.
  13 new_certs_dir   = $dir/newcerts         # default place for new certs.
  14
  15 certificate     = $dir/cacert.pem       # The CA certificate
  16 serial          = $dir/serial           # The current serial number
  17 RANDFILE        = $dir/private/.rand    # private random number file
  18
  19 # Extension copying option: use with caution.
  20 # copy_extensions = copy
  21
  22 default_days    = 365                   # how long to certify for
  23 default_crl_days= 30                    # how long before next CRL
  24 default_md      = default               # use public key default MD
  25 preserve        = no                    # keep passed DN ordering
  26
  27 [ policy_anything ]
  28 countryName             = optional
  29 stateOrProvinceName     = optional
  30 localityName            = optional
  31 organizationName        = optional
  32 organizationalUnitName  = optional
  33 commonName              = supplied
  34 emailAddress            = optional
  35
  36
  37
  38 [ v3_ca ]
  39 # Extensions for a typical CA
  40 # PKIX recommendation.
  41
  42 subjectKeyIdentifier=hash
  43 authorityKeyIdentifier=keyid:always,issuer
  44 basicConstraints = critical,CA:true