1e0c4386eSCy Schubert 2e0c4386eSCy Schubert#################################################################### 3e0c4386eSCy Schubert[ ca ] 4e0c4386eSCy Schubertdefault_ca = CA_default # The default ca section 5e0c4386eSCy Schubert 6e0c4386eSCy Schubert#################################################################### 7e0c4386eSCy Schubert[ CA_default ] 8e0c4386eSCy Schubert 9e0c4386eSCy Schubertdir = ./demoCA # Where everything is kept 10e0c4386eSCy Schubertcerts = $dir/certs # Where the issued certs are kept 11e0c4386eSCy Schubertcrl_dir = $dir/crl # Where the issued crl are kept 12e0c4386eSCy Schubertdatabase = $dir/index.txt # database index file. 13e0c4386eSCy Schubertnew_certs_dir = $dir/new_certs # default place for new certs. 14e0c4386eSCy Schubert 15e0c4386eSCy Schubertcertificate = $dir/CAcert.pem # The CA certificate 16e0c4386eSCy Schubertserial = $dir/serial # The current serial number 17e0c4386eSCy Schubertcrl = $dir/crl.pem # The current CRL 18e0c4386eSCy Schubertprivate_key = $dir/private/CAkey.pem# The private key 19e0c4386eSCy Schubert 20e0c4386eSCy Schubertdefault_days = 365 # how long to certify for 21e0c4386eSCy Schubertdefault_crl_days= 30 # how long before next CRL 22e0c4386eSCy Schubertdefault_md = md5 # which md to use. 23e0c4386eSCy Schubert 24e0c4386eSCy Schubert# A few difference way of specifying how similar the request should look 25e0c4386eSCy Schubert# For type CA, the listed attributes must be the same, and the optional 26e0c4386eSCy Schubert# and supplied fields are just that :-) 27e0c4386eSCy Schubertpolicy = policy_match 28e0c4386eSCy Schubert 29e0c4386eSCy Schubert# For the CA policy 30e0c4386eSCy Schubert[ policy_match ] 31e0c4386eSCy SchubertcountryName = match 32e0c4386eSCy SchubertstateOrProvinceName = match 33e0c4386eSCy SchubertorganizationName = match 34e0c4386eSCy SchubertorganizationalUnitName = optional 35e0c4386eSCy SchubertcommonName = supplied 36e0c4386eSCy SchubertemailAddress = optional 37e0c4386eSCy Schubert 38e0c4386eSCy Schubert# For the 'anything' policy 39e0c4386eSCy Schubert# At this point in time, you must list all acceptable 'object' 40e0c4386eSCy Schubert# types. 41e0c4386eSCy Schubert[ policy_anything ] 42e0c4386eSCy SchubertcountryName = optional 43e0c4386eSCy SchubertstateOrProvinceName = optional 44e0c4386eSCy SchubertlocalityName = optional 45e0c4386eSCy SchubertorganizationName = optional 46e0c4386eSCy SchubertorganizationalUnitName = optional 47e0c4386eSCy SchubertcommonName = supplied 48e0c4386eSCy SchubertemailAddress = optional 49e0c4386eSCy Schubert 50e0c4386eSCy Schubert#################################################################### 51e0c4386eSCy Schubert[ req ] 52e0c4386eSCy Schubertdistinguished_name = req_distinguished_name 53e0c4386eSCy Schubertencrypt_rsa_key = no 54e0c4386eSCy Schubert 55e0c4386eSCy Schubert# Make altreq be identical to req 56e0c4386eSCy Schubert[ altreq ] 57e0c4386eSCy Schubertdistinguished_name = req_distinguished_name 58e0c4386eSCy Schubertencrypt_rsa_key = no 59e0c4386eSCy Schubert 60e0c4386eSCy Schubert[ req_distinguished_name ] 61e0c4386eSCy SchubertcountryName = C field 62e0c4386eSCy SchubertcountryName_value = AU 63e0c4386eSCy SchubertstateOrProvinceName = SP field 64e0c4386eSCy SchubertstateOrProvinceName_value = 65e0c4386eSCy SchubertlocalityName = L field 66e0c4386eSCy SchubertlocalityName_value = Brisbane 67e0c4386eSCy SchubertorganizationName = O field 68e0c4386eSCy SchubertorganizationName_value = CryptSoft Pty Ltd 69e0c4386eSCy SchubertorganizationalUnitName = OU field 70e0c4386eSCy SchubertorganizationalUnitName_value = . 71e0c4386eSCy SchubertcommonName = CN field 72e0c4386eSCy SchubertcommonName_value = Eric Young 73e0c4386eSCy SchubertemailAddress = email field 74e0c4386eSCy SchubertemailAddress_value = eay@mincom.oz.au 75*44096ebdSEnji Cooper 76*44096ebdSEnji Cooper[ dirname_sec ] 77*44096ebdSEnji CooperC = UK 78*44096ebdSEnji CooperO = My Organization 79*44096ebdSEnji CooperOU = My Unit 80*44096ebdSEnji CooperCN = My Name 81