Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / data / ssl / scripts / redundant-ca.cnf
blob5707b730bfbbc51356e104850f81fb8f4eed50b8
1 CA_DIR = out
3 [ca]
4 default_ca = CA_root
5 preserve   = yes
7 # The default test root, used to generate certificates and CRLs.
8 [CA_root]
9 dir           = ${ENV::CA_DIR}
10 database      = ${dir}/${ENV::CERTIFICATE}-index.txt
11 new_certs_dir = ${dir}
12 serial        = ${dir}/${ENV::CERTIFICATE}-serial
13 certificate   = ${dir}/${ENV::CERTIFICATE}.pem
14 private_key   = ${dir}/${ENV::CERTIFICATE}.key
15 RANDFILE      = ${dir}/rand
16 default_days     = 3650
17 default_crl_days = 30
18 default_md       = sha256
19 policy           = policy_anything
20 unique_subject   = no
22 [user_cert]
23 # Extensions to add when signing a request for an EE cert
24 basicConstraints       = critical, CA:false
25 subjectKeyIdentifier   = hash
26 authorityKeyIdentifier = keyid:always
27 extendedKeyUsage       = serverAuth,clientAuth
29 [ca_cert]
30 # Extensions to add when signing a request for an intermediate/CA cert
31 basicConstraints       = critical, CA:true
32 subjectKeyIdentifier   = hash
33 #authorityKeyIdentifier = keyid:always
34 keyUsage               = critical, keyCertSign, cRLSign
36 [crl_extensions]
37 # Extensions to add when signing a CRL
38 authorityKeyIdentifier = keyid:always
40 [policy_anything]
41 # Default signing policy
42 countryName            = optional
43 stateOrProvinceName    = optional
44 localityName           = optional
45 organizationName       = optional
46 organizationalUnitName = optional
47 commonName             = optional
48 emailAddress           = optional
50 [req]
51 # The request section used to generate certificate requests.
52 default_bits       = 2048
53 default_md         = sha256
54 string_mask        = utf8only
55 prompt             = no
56 encrypt_key        = no
57 distinguished_name = req_env_dn
59 [req_env_dn]
60 CN = ${ENV::CA_COMMON_NAME}