blob: 8c0ef6d82b0b07b453fecc09a42c89892865321b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
# This file contains the configuration for all the CAs.
[ req ]
prompt = no
# Extensions for CA certs
[ v3_ca ]
basicConstraints = CA:true
# Root CA, used to sign the certificates of the intermediary server and
# client CAs.
[ root_ca ]
dir = ./ssl/
database = ./ssl/root_ca-certindex
serial = ./ssl/root_ca.srl
default_md = sha256
default_days= 10000
default_crl_days= 10000
certificate = ./ssl/root_ca.crt
private_key = ./ssl/root_ca.key
new_certs_dir = ./ssl/new_certs_dir
policy = policy_match
email_in_dn = no
# CA used to sign all the server certificates.
[ server_ca ]
dir = ./ssl/
database = ./ssl/server_ca-certindex
default_md = sha256
default_days= 10000
default_crl_days= 10000
certificate = ./ssl/server_ca.crt
private_key = ./ssl/server_ca.key
new_certs_dir = ./ssl/new_certs_dir
serial = ./ssl/server_ca.srl
policy = policy_match
email_in_dn = no
unique_subject = no
crl = ./ssl/server.crl
# CA used to sign all the client certificates.
[ client_ca ]
dir = ./ssl/
database = ./ssl/client_ca-certindex
default_md = sha256
default_days= 10000
default_crl_days= 10000
certificate = ./ssl/client_ca.crt
private_key = ./ssl/client_ca.key
new_certs_dir = ./ssl/new_certs_dir
serial = ./ssl/client_ca.srl
policy = policy_match
email_in_dn = no
unique_subject = no
crl = ./ssl/client.crl
# This is common for all CAs.
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
|