net/data/ssl/scripts/aia-test.cnf

   1 CA_DIR=out
   2 CA_NAME=aia-test-root
   3 AIA_URL=http://aia-test.invalid
   4
   5 [ca]
   6 default_ca = CA_root
   7 preserve   = yes
   8
   9 [CA_root]
  10 dir           = ${ENV::CA_DIR}
  11 key_size      = 2048
  12 algo          = sha256
  13 database      = $dir/${ENV::CA_NAME}-index.txt
  14 new_certs_dir = $dir
  15 serial        = $dir/${ENV::CA_NAME}-serial
  16 certificate   = $dir/${ENV::CA_NAME}.pem
  17 private_key   = $dir/${ENV::CA_NAME}.key
  18 RANDFILE      = $dir/.rand
  19 default_days     = 3650
  20 default_crl_days = 30
  21 default_md       = sha256
  22 policy           = policy_anything
  23 unique_subject   = no
  24 copy_extensions  = copy
  25
  26 [user_cert]
  27 basicConstraints       = critical, CA:false
  28 extendedKeyUsage       = serverAuth, clientAuth
  29 authorityInfoAccess    = caIssuers;URI:${ENV::AIA_URL}
  30
  31 [ca_cert]
  32 basicConstraints       = critical, CA:true
  33 keyUsage               = critical, keyCertSign, cRLSign
  34
  35 [policy_anything]
  36 # Default signing policy
  37 countryName            = optional
  38 stateOrProvinceName    = optional
  39 localityName           = optional
  40 organizationName       = optional
  41 organizationalUnitName = optional
  42 commonName             = optional
  43 emailAddress           = optional
  44
  45 [req]
  46 default_bits       = 2048
  47 default_md         = sha256
  48 string_mask        = utf8only
  49 prompt             = no
  50 encrypt_key        = no
  51 distinguished_name = req_env_dn
  52
  53 [req_env_dn]
  54 CN = ${ENV::CA_COMMON_NAME}
  55