xref: /freebsd/crypto/openssl/test/ca-and-certs.cnf (revision 3f0efe05432b1633991114ca4ca330102a561959) 
1
2# Comment out the next line to ignore configuration errors
3config_diagnostics = 1
4
5CN2 = Brother 2
6
7####################################################################
8[ req ]
9distinguished_name	= req_distinguished_name
10encrypt_rsa_key		= no
11default_md		= sha1
12
13[ req_distinguished_name ]
14countryName			= Country Name (2 letter code)
15countryName_value		= AU
16organizationName		= Organization Name (eg, company)
17organizationName_value		= Dodgy Brothers
18commonName			= Common Name (eg, YOUR name)
19commonName_value		= Dodgy CA
20
21####################################################################
22[ userreq ]
23distinguished_name	= user_dn
24encrypt_rsa_key		= no
25default_md		= sha256
26prompt			= no
27
28[ user_dn ]
29countryName		= AU
30organizationName	= Dodgy Brothers
310.commonName		= Brother 1
321.commonName		= $ENV::CN2
33
34[ v3_ee ]
35subjectKeyIdentifier	= hash
36authorityKeyIdentifier	= keyid,issuer:always
37basicConstraints 	= CA:false
38keyUsage		= nonRepudiation, digitalSignature, keyEncipherment
39
40[ v3_ee_dsa ]
41subjectKeyIdentifier	= hash
42authorityKeyIdentifier	= keyid:always
43basicConstraints	= CA:false
44keyUsage		= nonRepudiation, digitalSignature
45
46[ v3_ee_ec ]
47subjectKeyIdentifier	= hash
48authorityKeyIdentifier	= keyid:always
49basicConstraints	= CA:false
50keyUsage		= nonRepudiation, digitalSignature, keyAgreement
51
52####################################################################
53[ ca ]
54default_ca	= CA_default
55
56[ CA_default ]
57dir		= ./demoCA
58certs		= $dir/certs
59crl_dir		= $dir/crl
60database	= $dir/index.txt
61new_certs_dir	= $dir/newcerts
62certificate	= $dir/cacert.pem
63serial		= $dir/serial
64crl		= $dir/crl.pem
65private_key	= $dir/private/cakey.pem
66x509_extensions	= v3_ca
67name_opt 	= ca_default
68cert_opt 	= ca_default
69default_days	= 365
70default_crl_days= 30
71default_md	= sha1
72preserve	= no
73policy		= policy_anything
74
75[ policy_anything ]
76countryName		= optional
77stateOrProvinceName	= optional
78localityName		= optional
79organizationName	= optional
80organizationalUnitName	= optional
81commonName		= supplied
82emailAddress		= optional
83
84[ v3_ca ]
85subjectKeyIdentifier	= hash
86authorityKeyIdentifier	= keyid:always,issuer:always
87basicConstraints 	= critical,CA:true,pathlen:1
88keyUsage		= cRLSign, keyCertSign
89issuerAltName		= issuer:copy
90