|
- # Request configuration for CA certificate
- #
- # Author: Jan Dittberner <jan@dittberner.info>
- # Date: 2015-02-03
-
- RANDFILE = $ENV::HOME/ca/.rnd
-
- [ req ]
- default_bits = 4096
- distinguished_name = req_distinguished_name
- x509_extensions = v3_ca_ext
- utf8 = yes
- default_md = sha256
- string_mask = utf8only
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
- countryName_default = DE
- countryName_min = 2
- countryName_max = 2
-
- stateOrProvinceName = State or Province Name (full name)
- stateOrProvinceName_default = Saxony
-
- localityName = Locality Name (eg, city)
- localityName_default = Example Town
-
- 0.organizationName = Organization Name (eg, company)
- 0.organizationName_default = Example Organization
-
- organizationalUnitName = Organizational Unit Name (eg, section)
- organizationalUnitName_default = Example Lab
-
- commonName = Common Name (eg, YOUR name)
- commonName_max = 64
- commonName_default = Example Lab Root CA
-
- emailAddress = Email Address
- emailAddress_max = 64
- emailAddress_default = rootca@example.org
-
- [ v3_ca_ext ]
- basicConstraints = critical, CA:true, pathlen:1
- keyUsage = critical, keyCertSign,cRLSign
- nsComment = "Example Labs Root Certificate"
-
- # PKIX recommendations harmless if included in all certificates.
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid:always,issuer:always
|