search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Lots of random cleanups, mostly for native_theme_win.cc:
[chromium-blink-merge.git] / net / data / ssl / scripts / ca.cnf
blob8a1d1e75f1ee02879e8ee6517ae4980a82874f4e
1 # Defaults in the event they're not set in the environment
2 CA_DIR    = out
3 KEY_SIZE  = 2048
4 ALGO      = sha1
5 CERT_TYPE = root
6 CA_NAME   = req_env_dn
7
8 [ca]
9 default_ca = CA_root
10 preserve   = yes
11
12 # The default test root, used to generate certificates and CRLs.
13 [CA_root]
14 dir           = $ENV::CA_DIR
15 key_size      = $ENV::KEY_SIZE
16 algo          = $ENV::ALGO
17 cert_type     = $ENV::CERT_TYPE
18 type          = $key_size-$algo-$cert_type
19 database      = $dir/$type-index.txt
20 new_certs_dir = $dir
21 serial        = $dir/$type-serial
22 certificate   = $dir/$type.pem
23 private_key   = $dir/$type.key
24 RANDFILE      = $dir/.rand
25 default_days     = 3650
26 default_crl_days = 30
27 default_md       = sha1
28 policy           = policy_anything
29 unique_subject   = no
30 copy_extensions  = copy
31
32 [user_cert]
33 # Extensions to add when signing a request for an EE cert
34 basicConstraints       = critical, CA:false
35 subjectKeyIdentifier   = hash
36 authorityKeyIdentifier = keyid:always
37 extendedKeyUsage       = serverAuth,clientAuth
38
39 [ca_cert]
40 # Extensions to add when signing a request for an intermediate/CA cert
41 basicConstraints       = critical, CA:true
42 subjectKeyIdentifier   = hash
43 #authorityKeyIdentifier = keyid:always
44 keyUsage               = critical, keyCertSign, cRLSign
45
46 [crl_extensions]
47 # Extensions to add when signing a CRL
48 authorityKeyIdentifier = keyid:always
49
50 [policy_anything]
51 # Default signing policy
52 countryName            = optional
53 stateOrProvinceName    = optional
54 localityName           = optional
55 organizationName       = optional
56 organizationalUnitName = optional
57 commonName             = optional
58 emailAddress           = optional
59
60 [req]
61 # The request section used to generate the root CA certificate. This should
62 # not be used to generate end-entity certificates. For certificates other
63 # than the root CA, see README to find the appropriate configuration file
64 # (ie: openssl_cert.cnf).
65 default_bits       = $ENV::KEY_SIZE
66 default_md         = sha1
67 string_mask        = utf8only
68 prompt             = no
69 encrypt_key        = no
70 distinguished_name = $ENV::CA_NAME
71 x509_extensions    = req_ca_exts
72
73 [req_ca_dn]
74 C  = US
75 ST = California
76 L  = Mountain View
77 O  = Test CA
78 CN = Test Root CA
79
80 [req_intermediate_dn]
81 C  = US
82 ST = California
83 L  = Mountain View
84 O  = Test CA
85 CN = Test Intermediate CA
86
87 [req_env_dn]
88 CN = $ENV::CA_COMMON_NAME
89
90 [req_ca_exts]
91 basicConstraints       = critical, CA:true
92 keyUsage               = critical, keyCertSign, cRLSign
93 subjectKeyIdentifier   = hash