xref: /freebsd/crypto/openssl/test/ca-and-certs.cnf (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6) 
1*e0c4386eSCy Schubert
2*e0c4386eSCy Schubert# Comment out the next line to ignore configuration errors
3*e0c4386eSCy Schubertconfig_diagnostics = 1
4*e0c4386eSCy Schubert
5*e0c4386eSCy SchubertCN2 = Brother 2
6*e0c4386eSCy Schubert
7*e0c4386eSCy Schubert####################################################################
8*e0c4386eSCy Schubert[ req ]
9*e0c4386eSCy Schubertdistinguished_name	= req_distinguished_name
10*e0c4386eSCy Schubertencrypt_rsa_key		= no
11*e0c4386eSCy Schubertdefault_md		= sha1
12*e0c4386eSCy Schubert
13*e0c4386eSCy Schubert[ req_distinguished_name ]
14*e0c4386eSCy SchubertcountryName			= Country Name (2 letter code)
15*e0c4386eSCy SchubertcountryName_value		= AU
16*e0c4386eSCy SchubertorganizationName		= Organization Name (eg, company)
17*e0c4386eSCy SchubertorganizationName_value		= Dodgy Brothers
18*e0c4386eSCy SchubertcommonName			= Common Name (eg, YOUR name)
19*e0c4386eSCy SchubertcommonName_value		= Dodgy CA
20*e0c4386eSCy Schubert
21*e0c4386eSCy Schubert####################################################################
22*e0c4386eSCy Schubert[ userreq ]
23*e0c4386eSCy Schubertdistinguished_name	= user_dn
24*e0c4386eSCy Schubertencrypt_rsa_key		= no
25*e0c4386eSCy Schubertdefault_md		= sha256
26*e0c4386eSCy Schubertprompt			= no
27*e0c4386eSCy Schubert
28*e0c4386eSCy Schubert[ user_dn ]
29*e0c4386eSCy SchubertcountryName		= AU
30*e0c4386eSCy SchubertorganizationName	= Dodgy Brothers
31*e0c4386eSCy Schubert0.commonName		= Brother 1
32*e0c4386eSCy Schubert1.commonName		= $ENV::CN2
33*e0c4386eSCy Schubert
34*e0c4386eSCy Schubert[ v3_ee ]
35*e0c4386eSCy SchubertsubjectKeyIdentifier	= hash
36*e0c4386eSCy SchubertauthorityKeyIdentifier	= keyid,issuer:always
37*e0c4386eSCy SchubertbasicConstraints 	= CA:false
38*e0c4386eSCy SchubertkeyUsage		= nonRepudiation, digitalSignature, keyEncipherment
39*e0c4386eSCy Schubert
40*e0c4386eSCy Schubert[ v3_ee_dsa ]
41*e0c4386eSCy SchubertsubjectKeyIdentifier	= hash
42*e0c4386eSCy SchubertauthorityKeyIdentifier	= keyid:always
43*e0c4386eSCy SchubertbasicConstraints	= CA:false
44*e0c4386eSCy SchubertkeyUsage		= nonRepudiation, digitalSignature
45*e0c4386eSCy Schubert
46*e0c4386eSCy Schubert[ v3_ee_ec ]
47*e0c4386eSCy SchubertsubjectKeyIdentifier	= hash
48*e0c4386eSCy SchubertauthorityKeyIdentifier	= keyid:always
49*e0c4386eSCy SchubertbasicConstraints	= CA:false
50*e0c4386eSCy SchubertkeyUsage		= nonRepudiation, digitalSignature, keyAgreement
51*e0c4386eSCy Schubert
52*e0c4386eSCy Schubert####################################################################
53*e0c4386eSCy Schubert[ ca ]
54*e0c4386eSCy Schubertdefault_ca	= CA_default
55*e0c4386eSCy Schubert
56*e0c4386eSCy Schubert[ CA_default ]
57*e0c4386eSCy Schubertdir		= ./demoCA
58*e0c4386eSCy Schubertcerts		= $dir/certs
59*e0c4386eSCy Schubertcrl_dir		= $dir/crl
60*e0c4386eSCy Schubertdatabase	= $dir/index.txt
61*e0c4386eSCy Schubertnew_certs_dir	= $dir/newcerts
62*e0c4386eSCy Schubertcertificate	= $dir/cacert.pem
63*e0c4386eSCy Schubertserial		= $dir/serial
64*e0c4386eSCy Schubertcrl		= $dir/crl.pem
65*e0c4386eSCy Schubertprivate_key	= $dir/private/cakey.pem
66*e0c4386eSCy Schubertx509_extensions	= v3_ca
67*e0c4386eSCy Schubertname_opt 	= ca_default
68*e0c4386eSCy Schubertcert_opt 	= ca_default
69*e0c4386eSCy Schubertdefault_days	= 365
70*e0c4386eSCy Schubertdefault_crl_days= 30
71*e0c4386eSCy Schubertdefault_md	= sha1
72*e0c4386eSCy Schubertpreserve	= no
73*e0c4386eSCy Schubertpolicy		= policy_anything
74*e0c4386eSCy Schubert
75*e0c4386eSCy Schubert[ policy_anything ]
76*e0c4386eSCy SchubertcountryName		= optional
77*e0c4386eSCy SchubertstateOrProvinceName	= optional
78*e0c4386eSCy SchubertlocalityName		= optional
79*e0c4386eSCy SchubertorganizationName	= optional
80*e0c4386eSCy SchubertorganizationalUnitName	= optional
81*e0c4386eSCy SchubertcommonName		= supplied
82*e0c4386eSCy SchubertemailAddress		= optional
83*e0c4386eSCy Schubert
84*e0c4386eSCy Schubert[ v3_ca ]
85*e0c4386eSCy SchubertsubjectKeyIdentifier	= hash
86*e0c4386eSCy SchubertauthorityKeyIdentifier	= keyid:always,issuer:always
87*e0c4386eSCy SchubertbasicConstraints 	= critical,CA:true,pathlen:1
88*e0c4386eSCy SchubertkeyUsage		= cRLSign, keyCertSign
89*e0c4386eSCy SchubertissuerAltName		= issuer:copy
90