ab/openssl-ca.conf

## openssl-ca.conf
# This configuration file governs how OpenSSL should operate for this CA.

[ ca ]
default_ca = CA_myca

[ CA_myca ]
dir = ./ca
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt

new_certs_dir = $dir/newcerts

certificate = $dir/certs/ca.crt
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem

private_key = $dir/private/ca.key
RANDFILE = $dir/private/.rand

x509_extensions = usr_cert

name_opt = ca_default
cert_opt = ca_default

default_days = 3650
default_crl_days = 30
default_md = sha256
#default_md = sha1
preserve = no

policy = policy_match

email_in_dn = no

# For the CA policy
[ policy_match ]
countryName     = match
stateOrProvinceName = match
organizationName    = match
organizationalUnitName  = optional
commonName      = supplied
emailAddress    = optional

[ req ]
default_bits        = 2048
distinguished_name = req_distinguished_name


[ req_distinguished_name ]
countryName         = Country Name (2 letter code)
countryName_default     = US
#
stateOrProvinceName     = State or Province Name (full name)
stateOrProvinceName_default = California
#
localityName = Locality Name (eg, city)
localityName_default = San Francisco
#
0.organizationName      = Organization Name (eg, company)
0.organizationName_default  = MyCompany
#
organizationalUnitName = Organizational Unit Name (e.g., section)
#
commonName = Common Name (e.g. server FQDN)
commonName_max = 64

[ v3_ca ]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ usr_cert ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

# vim: ft=dosini :
	# This configuration file governs how OpenSSL should operate for this CA.

	[ ca ]
	default_ca = CA_myca

	[ CA_myca ]
	dir = ./ca
	certs = $dir/certs
	crl_dir = $dir/crl
	database = $dir/index.txt

	new_certs_dir = $dir/newcerts

	certificate = $dir/certs/ca.crt
	serial = $dir/serial
	crlnumber = $dir/crlnumber
	crl = $dir/crl.pem

	private_key = $dir/private/ca.key
	RANDFILE = $dir/private/.rand

	x509_extensions = usr_cert

	name_opt = ca_default
	cert_opt = ca_default

	default_days = 3650
	default_crl_days = 30
	default_md = sha256
	#default_md = sha1
	preserve = no

	policy = policy_match

	email_in_dn = no

	# For the CA policy
	[ policy_match ]
	countryName = match
	stateOrProvinceName = match
	organizationName = match
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	[ req ]
	default_bits = 2048
	distinguished_name = req_distinguished_name


	[ req_distinguished_name ]
	countryName = Country Name (2 letter code)
	countryName_default = US
	#
	stateOrProvinceName = State or Province Name (full name)
	stateOrProvinceName_default = California
	#
	localityName = Locality Name (eg, city)
	localityName_default = San Francisco
	#
	0.organizationName = Organization Name (eg, company)
	0.organizationName_default = MyCompany
	#
	organizationalUnitName = Organizational Unit Name (e.g., section)
	#
	commonName = Common Name (e.g. server FQDN)
	commonName_max = 64

	[ v3_ca ]
	basicConstraints = critical,CA:TRUE
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always,issuer:always

	[ usr_cert ]
	basicConstraints = CA:FALSE
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid,issuer

	# vim: ft=dosini :