Diffstat (limited to 'etc/root-ca.conf')
-rw-r--r-- | etc/root-ca.conf | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/etc/root-ca.conf b/etc/root-ca.conf
deleted file mode 100644
index 70df9cf..0000000
--- a/etc/root-ca.conf
+++ /dev/null
@@ -1,102 +0,0 @@
-# Simple Root CA
-
-# The [default] section contains global constants that can be referred to from
-# the entire configuration file. It may also hold settings pertaining to more
-# than one openssl command.
-
-[ default ]
-ca = root-ca # CA name
-dir = . # Top dir
-
-# The next part of the configuration file is used by the openssl req command.
-# It defines the CA's key pair, its DN, and the desired extensions for the CA
-# certificate.
-
-[ req ]
-default_bits = 4096 # RSA key size
-encrypt_key = no # Protect private key
-default_md = sha1 # MD to use
-utf8 = yes # Input is UTF-8
-string_mask = utf8only # Emit UTF-8 strings
-prompt = no # Don't prompt for DN
-distinguished_name = ca_dn # DN section
-req_extensions = ca_reqext # Desired extensions
-
-[ ca_dn ]
-0.domainComponent = "net"
-1.domainComponent = "eckner"
-organizationName = "Eckner Net"
-organizationalUnitName = "Eckner Net CA"
-commonName = "Eckner Net Root CA"
-
-[ ca_reqext ]
-keyUsage = critical,keyCertSign,cRLSign
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-
-# The remainder of the configuration file is used by the openssl ca command.
-# The CA section defines the locations of CA assets, as well as the policies
-# applying to the CA.
-
-[ ca ]
-default_ca = root_ca # The default CA section
-
-[ root_ca ]
-certificate = $dir/ca/$ca.crt # The CA cert
-private_key = $dir/ca/$ca/private/$ca.key # CA private key
-new_certs_dir = $dir/ca/$ca # Certificate archive
-serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
-crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
-database = $dir/ca/$ca/db/$ca.db # Index file
-unique_subject = no # Require unique subject
-default_days = 3652 # How long to certify for
-default_md = sha1 # MD to use
-policy = match_pol # Default naming policy
-email_in_dn = no # Add email to cert DN
-preserve = no # Keep passed DN ordering
-name_opt = ca_default # Subject DN display options
-cert_opt = ca_default # Certificate display options
-copy_extensions = none # Copy extensions from CSR
-x509_extensions = signing_ca_ext # Default cert extensions
-default_crl_days = 365 # How long before next CRL
-crl_extensions = crl_ext # CRL extensions
-
-# Naming policies control which parts of a DN end up in the certificate and
-# under what circumstances certification should be denied.
-
-[ match_pol ]
-domainComponent = match # Must match 'simple.org'
-organizationName = match # Must match 'Simple Inc'
-organizationalUnitName = optional # Included if present
-commonName = supplied # Must be present
-
-[ any_pol ]
-domainComponent = optional
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = optional
-emailAddress = optional
-
-# Certificate extensions define what types of certificates the CA is able to
-# create.
-
-[ root_ca_ext ]
-keyUsage = critical,keyCertSign,cRLSign
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ signing_ca_ext ]
-keyUsage = critical,keyCertSign,cRLSign
-basicConstraints = critical,CA:true,pathlen:0
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-# CRL extensions exist solely to point to the CA certificate that has issued
-# the CRL.
-
-[ crl_ext ]
-authorityKeyIdentifier = keyid:always |