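# OpenSSL configuration file for Suite B
#
# Layout restored to one directive per line; the extracted copy had every line
# fused together with listing line numbers, which OpenSSL cannot parse.
# Sections: [ ca ]/[ CA_default ] drive "openssl ca", [ req ] drives
# "openssl req", and the v3_ca/ext_client/ext_server sections are the
# certificate profiles (CA, TLS client, TLS server).

# Fallback so that $ENV::HOME below still expands when HOME is not set in the
# environment.
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids

# No additional OIDs are defined.
[ new_oids ]

[ ca ]
default_ca = CA_default

[ CA_default ]

# All CA state lives under this directory, relative to the working directory
# the openssl command is run from.
dir = ./ec-ca
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
# "no" lets several valid certificates in the database share the same subject.
unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
# CA signing key. Anyone able to read this file can issue certificates under
# this CA; keep the private/ directory readable by the CA operator only.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand

# Profile applied when "openssl ca" is run without -extensions: issued
# certificates default to the client profile, so server certificates need
# -extensions ext_server explicitly.
x509_extensions = ext_client

# Display format used when showing the certificate for confirmation.
name_opt = ca_default
cert_opt = ca_default

# Extensions present in the request and NOT already set by the selected
# profile are copied into the issued certificate. basicConstraints, keyUsage
# and extendedKeyUsage are fixed by both end-entity profiles below, so a
# request cannot turn itself into a CA certificate, but anything else the
# requester adds (subjectAltName, for example) is accepted as-is. Inspect the
# request before signing, or set this to "none" when requests come from
# parties that are not trusted to choose their own extensions.
copy_extensions = copy

# Ten-year lifetime for issued certificates, 30 days between CRLs.
# NOTE(review): long for anything other than test fixtures - confirm intent.
default_days = 3650
default_crl_days= 30
# "default" = use the default digest for the signing key type.
# NOTE(review): a Suite B profile normally pairs the digest with the curve
# size; confirm the resulting signature hash is the intended one or that it is
# pinned with -md on the command line.
default_md = default
# DN field order follows the policy section, not the request.
preserve = no

policy = policy_match

# Active policy: country and organization must equal the CA's own values and
# a commonName must be supplied.
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
#emailAddress = optional

# Looser policy; not referenced by "policy =" above, so it only applies when
# selected with -policy.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
#emailAddress = optional

[ req ]
distinguished_name = req_distinguished_name
attributes = req_attributes
# Extensions for self-signed certificates made with "openssl req -x509",
# i.e. the CA certificate itself.
x509_extensions = v3_ca

string_mask = utf8only

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FI
countryName_min = 2
countryName_max = 2

localityName = Locality Name (eg, city)
localityName_default = Helsinki

0.organizationName = Organization Name (eg, company)
0.organizationName_default = w1.fi

commonName = Common Name (e.g. server FQDN or YOUR name)
# The marker on the next line looks like a template placeholder filled in by
# tooling outside this file (presumably a commonName default); keep it
# byte-for-byte. TODO confirm against the generating script.
#@CN@
commonName_max = 64

[ req_attributes ]

# CA certificate profile. pathlen:0 means this CA may sign end-entity
# certificates only, not subordinate CAs; key usage is limited to signing
# certificates and CRLs. Both constraints are critical.
[ v3_ca ]

subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, cRLSign, keyCertSign

# CRL extensions. No crl_extensions key in [ CA_default ] refers to this
# section, so it presumably has to be selected with -crlexts.
[ crl_ext ]

# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always

# TLS client profile (also the default profile, see [ CA_default ]).
# NOTE(review): basicConstraints is not marked critical here although
# [ ext_server ] marks it critical, and extendedKeyUsage is likewise
# non-critical only in this profile - confirm the difference is intended.
# NOTE(review): keyEncipherment applies to RSA key transport; if the issued
# keys are EC, as the ./ec-ca directory name suggests, RFC 8813 says it must
# not be asserted and digitalSignature alone covers ECDSA authentication.
[ ext_client ]

basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# Template placeholder on the next line, presumably replaced with a
# subjectAltName by external tooling. If it is left unsubstituted, any
# subjectAltName comes from the request via copy_extensions. Keep verbatim.
#@ALTNAME@
extendedKeyUsage = clientAuth
keyUsage = digitalSignature, keyEncipherment

# TLS server profile; selected with -extensions ext_server. The same
# keyEncipherment remark as for [ ext_client ] applies.
[ ext_server ]

basicConstraints=critical, CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# Template placeholder on the next line, presumably replaced with a
# subjectAltName by external tooling. Keep verbatim.
#@ALTNAME@
extendedKeyUsage = critical, serverAuth
keyUsage = digitalSignature, keyEncipherment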