AKASHI Takahiro | 79f428e | 2020-07-21 19:35:24 +0900 | [diff] [blame] | 1 | [ ca ] |
| 2 | default_ca = CA_default |
| 3 | |
| 4 | [ CA_default ] |
| 5 | new_certs_dir = . |
| 6 | database = ./index.txt |
| 7 | serial = ./serial |
| 8 | default_md = sha256 |
| 9 | policy = policy_min |
| 10 | |
| 11 | [ req ] |
| 12 | distinguished_name = def_distinguished_name |
| 13 | |
| 14 | [def_distinguished_name] |
| 15 | |
| 16 | # Extensions |
| 17 | # -addext " ... = ..." |
| 18 | # |
| 19 | [ v3_ca ] |
| 20 | # Extensions for a typical Root CA. |
| 21 | basicConstraints = critical,CA:TRUE |
| 22 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign |
| 23 | subjectKeyIdentifier = hash |
| 24 | authorityKeyIdentifier = keyid:always,issuer |
| 25 | |
| 26 | [ v3_int_ca ] |
| 27 | # Extensions for a typical intermediate CA. |
| 28 | basicConstraints = critical, CA:TRUE |
| 29 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign |
| 30 | subjectKeyIdentifier = hash |
| 31 | authorityKeyIdentifier = keyid:always,issuer |
| 32 | |
| 33 | [ usr_cert ] |
| 34 | # Extensions for user end certificates. |
| 35 | basicConstraints = CA:FALSE |
| 36 | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment |
| 37 | extendedKeyUsage = clientAuth, emailProtection |
| 38 | subjectKeyIdentifier = hash |
| 39 | authorityKeyIdentifier = keyid,issuer |
| 40 | |
| 41 | [ policy_min ] |
| 42 | countryName = optional |
| 43 | stateOrProvinceName = optional |
| 44 | localityName = optional |
| 45 | organizationName = optional |
| 46 | organizationalUnitName = optional |
| 47 | commonName = supplied |
| 48 | emailAddress = optional |