cacert-devsetup/docker/signer-config/openssl-server.cnf

[ ca ]
default_ca             = CA_default               # The default ca section

[ CA_default ]
dir                    = /srv/ca/CA               # Where everything is kept
certs                  = $dir/certs               # Where the issued certs are kept
crl_dir                = $dir/crl                 # Where the issued crl are kept
crlnumber              = $dir/crlnumber           # Where the current CRL-number is stored (bug-1438)
database               = $dir/index.txt           # database index file.
new_certs_dir          = $dir/newcerts            # default place for new certs.
certificate            = $dir/ca.crt.pem          # The CA certificate
serial                 = $dir/serial              # The current serial number
crl                    = $dir/crl.pem             # The current CRL
private_key            = $dir/private/ca.key.pem  # The private key
RANDFILE               = $dir/private/.rand       # private random number file
x509_extensions        = usr_cert                 # The extentions to add to the cert
default_days           = 200                      # how long to certify for
default_crl_days       = 30                       # how long before next CRL
default_md             = sha512                   # which md to use.
preserve               = no                       # keep passed DN ordering
policy                 = policy_anything

[ policy_anything ]
commonName             = optional
subjectAltName         = optional

[ usr_cert ]
basicConstraints       = critical,CA:FALSE
keyUsage               = critical,digitalSignature,keyEncipherment,keyAgreement
extendedKeyUsage       = clientAuth,serverAuth,nsSGC,msSGC
authorityInfoAccess    = OCSP;URI:http://ocsp.cacert.localhost
crlDistributionPoints  = URI:http://crl.cacert.localhost/revoke.crl

[ crl_ext ]
Add signer configuration 2020-12-23 22:14:13 +01:00			`[ ca ]`
			`default_ca = CA_default # The default ca section`

			`[ CA_default ]`
			`dir = /srv/ca/CA # Where everything is kept`
			`certs = $dir/certs # Where the issued certs are kept`
			`crl_dir = $dir/crl # Where the issued crl are kept`
			`crlnumber = $dir/crlnumber # Where the current CRL-number is stored (bug-1438)`
			`database = $dir/index.txt # database index file.`
			`new_certs_dir = $dir/newcerts # default place for new certs.`
			`certificate = $dir/ca.crt.pem # The CA certificate`
			`serial = $dir/serial # The current serial number`
			`crl = $dir/crl.pem # The current CRL`
			`private_key = $dir/private/ca.key.pem # The private key`
			`RANDFILE = $dir/private/.rand # private random number file`
			`x509_extensions = usr_cert # The extentions to add to the cert`
			`default_days = 200 # how long to certify for`
			`default_crl_days = 30 # how long before next CRL`
			`default_md = sha512 # which md to use.`
			`preserve = no # keep passed DN ordering`
			`policy = policy_anything`

			`[ policy_anything ]`
			`commonName = optional`
			`subjectAltName = optional`

			`[ usr_cert ]`
			`basicConstraints = critical,CA:FALSE`
			`keyUsage = critical,digitalSignature,keyEncipherment,keyAgreement`
			`extendedKeyUsage = clientAuth,serverAuth,nsSGC,msSGC`
			`authorityInfoAccess = OCSP;URI:http://ocsp.cacert.localhost`
			`crlDistributionPoints = URI:http://crl.cacert.localhost/revoke.crl`

			`[ crl_ext ]`