| [ ca ] |
| default_ca = CA_default |
| |
| [ CA_default ] |
| new_certs_dir = . |
| database = ./index.txt |
| serial = ./serial |
| default_md = sha256 |
| policy = policy_min |
| |
| [ req ] |
| distinguished_name = def_distinguished_name |
| |
| [def_distinguished_name] |
| |
| # Extensions |
| # -addext " ... = ..." |
| # |
| [ v3_ca ] |
| # Extensions for a typical Root CA. |
| basicConstraints = critical,CA:TRUE |
| keyUsage = critical, digitalSignature, cRLSign, keyCertSign |
| subjectKeyIdentifier = hash |
| authorityKeyIdentifier = keyid:always,issuer |
| |
| [ v3_int_ca ] |
| # Extensions for a typical intermediate CA. |
| basicConstraints = critical, CA:TRUE |
| keyUsage = critical, digitalSignature, cRLSign, keyCertSign |
| subjectKeyIdentifier = hash |
| authorityKeyIdentifier = keyid:always,issuer |
| |
| [ usr_cert ] |
| # Extensions for user end certificates. |
| basicConstraints = CA:FALSE |
| keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment |
| extendedKeyUsage = clientAuth, emailProtection |
| subjectKeyIdentifier = hash |
| authorityKeyIdentifier = keyid,issuer |
| |
| [ policy_min ] |
| countryName = optional |
| stateOrProvinceName = optional |
| localityName = optional |
| organizationName = optional |
| organizationalUnitName = optional |
| commonName = supplied |
| emailAddress = optional |