58 lines
1.7 KiB
Plaintext
58 lines
1.7 KiB
Plaintext
# Request configuration for CA certificate
|
|
#
|
|
# Author: Jan Dittberner <jan@dittberner.info>
|
|
# Date: 2011-05-03
|
|
|
|
RANDFILE = $ENV::HOME/ca/.rnd
|
|
|
|
extensions = v3_ext
|
|
|
|
[ req ]
|
|
default_bits = 2048
|
|
distinguished_name = req_distinguished_name
|
|
x509_extensions = v3_ca_ext
|
|
|
|
# This sets a mask for permitted string types. There are several options.
|
|
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
|
string_mask = nombstr
|
|
|
|
[ req_distinguished_name ]
|
|
countryName = Country Name (2 letter code)
|
|
countryName_default = DE
|
|
countryName_min = 2
|
|
countryName_max = 2
|
|
|
|
stateOrProvinceName = State or Province Name (full name)
|
|
stateOrProvinceName_default = Saxony
|
|
|
|
localityName = Locality Name (eg, city)
|
|
localityName_default = Example Town
|
|
|
|
0.organizationName = Organization Name (eg, company)
|
|
0.organizationName_default = Example Organization
|
|
|
|
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
organizationalUnitName_default = Example Lab
|
|
|
|
commonName = Common Name (eg, YOUR name)
|
|
commonName_max = 64
|
|
commonName_default = Example Lab Root CA
|
|
|
|
emailAddress = Email Address
|
|
emailAddress_max = 64
|
|
emailAddress_default = rootca@example.org
|
|
|
|
[ v3_ca_ext ]
|
|
basicConstraints = critical, CA:true, pathlen:1
|
|
keyUsage = critical, keyCertSign,cRLSign
|
|
nsComment = "Example Labs Root Certificate"
|
|
|
|
# PKIX recommendations harmless if included in all certificates.
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
|
|
# Include email address in subject alt name: another PKIX recommendation
|
|
subjectAltName = email:copy
|
|
authorityInfoAccess = OCSP;URI:http://ocsp.rootca.example.org/
|
|
crlDistributionPoints = URI:http://rootca.example.org/rootca.crl
|