2011-05-03 21:01:18 +02:00
|
|
|
# Request configuration for CA certificate
|
|
|
|
#
|
|
|
|
# Author: Jan Dittberner <jan@dittberner.info>
|
|
|
|
# Date: 2011-05-03
|
|
|
|
|
2011-05-04 22:06:25 +02:00
|
|
|
RANDFILE = $ENV::HOME/ca/.rnd
|
2011-05-03 21:01:18 +02:00
|
|
|
|
|
|
|
[ req ]
|
2011-05-04 22:06:25 +02:00
|
|
|
default_bits = 2048
|
|
|
|
distinguished_name = req_distinguished_name
|
|
|
|
x509_extensions = v3_ca_ext
|
2011-05-03 21:01:18 +02:00
|
|
|
|
|
|
|
# This sets a mask for permitted string types. There are several options.
|
|
|
|
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
2011-05-04 22:06:25 +02:00
|
|
|
string_mask = nombstr
|
2011-05-03 21:01:18 +02:00
|
|
|
|
|
|
|
[ req_distinguished_name ]
|
2011-05-04 22:06:25 +02:00
|
|
|
countryName = Country Name (2 letter code)
|
|
|
|
countryName_default = DE
|
|
|
|
countryName_min = 2
|
|
|
|
countryName_max = 2
|
2011-05-03 21:01:18 +02:00
|
|
|
|
2011-05-04 22:06:25 +02:00
|
|
|
stateOrProvinceName = State or Province Name (full name)
|
|
|
|
stateOrProvinceName_default = Saxony
|
2011-05-03 21:01:18 +02:00
|
|
|
|
2011-05-04 22:06:25 +02:00
|
|
|
localityName = Locality Name (eg, city)
|
2011-05-03 21:01:18 +02:00
|
|
|
localityName_default = Example Town
|
|
|
|
|
2011-05-04 22:06:25 +02:00
|
|
|
0.organizationName = Organization Name (eg, company)
|
|
|
|
0.organizationName_default = Example Organization
|
2011-05-03 21:01:18 +02:00
|
|
|
|
2011-05-04 22:06:25 +02:00
|
|
|
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
|
|
organizationalUnitName_default = Example Lab
|
2011-05-03 21:01:18 +02:00
|
|
|
|
2011-05-04 22:06:25 +02:00
|
|
|
commonName = Common Name (eg, YOUR name)
|
|
|
|
commonName_max = 64
|
2011-05-03 21:01:18 +02:00
|
|
|
commonName_default = Example Lab Root CA
|
|
|
|
|
2011-05-04 22:06:25 +02:00
|
|
|
emailAddress = Email Address
|
|
|
|
emailAddress_max = 64
|
2011-05-03 21:01:18 +02:00
|
|
|
emailAddress_default = rootca@example.org
|
|
|
|
|
|
|
|
[ v3_ca_ext ]
|
2011-05-04 22:06:25 +02:00
|
|
|
basicConstraints = critical, CA:true, pathlen:1
|
|
|
|
keyUsage = critical, keyCertSign,cRLSign
|
|
|
|
nsComment = "Example Labs Root Certificate"
|
2011-05-04 22:41:55 +02:00
|
|
|
|
|
|
|
# PKIX recommendations harmless if included in all certificates.
|
|
|
|
subjectKeyIdentifier = hash
|
|
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|