josephrodriguez/openssl.cnf

## openssl.cnf
#
# OpenSSL configuration file.
#

# Establish working directory.

dir								= .
certificate 					= $dir/ssl-cacert.pem
private_key 					= $dir/ssl-cakey.pem
new_certs_dir   				= $dir/certificates
database    					= $dir/index.txt
serial      					= $dir/serial.txt
unique_subject  				= no


[ ca ]

default_ca						= CA_default

[ CA_default ]

default_days					= 365
default_crl_days				= 30
default_md						= sha256
preserve						= no
nameopt							= default_ca
certopt							= default_ca
email_in_dn 					= no
copy_extensions 				= copy
unique_subject  				= no

[ req ]

default_bits        			= 4096
default_keyfile     			= ssl-defaultkey.pem
distinguished_name  			= distinguished_name
x509_extensions     			= v3_ca
req_extensions              	= v3_req
string_mask         			= utf8only


####################################################################
[ distinguished_name ]

# Variable name				Prompt string
#-------------------------	  ----------------------------------
countryName						= Country Name (2 letter code)
countryName_min					= 2
countryName_max					= 2
countryName_default    			= US

stateOrProvinceName				= State or Province Name (full name)

localityName					= Locality Name (city, district)

organizationName				= Organization Name (company)
organizationalUnitName			= Organizational Unit Name (department, division)

emailAddress					= Email Address
emailAddress_max				= 40

commonName						= Common Name (hostname, IP, or your name)
commonName_max					= 64

####################################################################

[ signing_policy ]

countryName     				= optional
stateOrProvinceName 			= optional
localityName        			= optional
organizationName    			= optional
organizationalUnitName  		= optional
commonName      				= supplied
emailAddress        			= optional

####################################################################

[ v3_ca ]
basicConstraints            	= CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always
keyUsage 						= keyCertSign, cRLSign

####################################################################

[ v3_req ]
basicConstraints 				= CA:FALSE
subjectKeyIdentifier			= hash
keyUsage 						= keyEncipherment, dataEncipherment, digitalSignature

####################################################################

[ sign_req ]
basicConstraints				= CA:FALSE
subjectKeyIdentifier			= hash
keyUsage 						= keyEncipherment, dataEncipherment, digitalSignature
authorityKeyIdentifier			= keyid,issuer
	#
	# OpenSSL configuration file.
	#

	# Establish working directory.

	dir = .
	certificate = $dir/ssl-cacert.pem
	private_key = $dir/ssl-cakey.pem
	new_certs_dir = $dir/certificates
	database = $dir/index.txt
	serial = $dir/serial.txt
	unique_subject = no


	[ ca ]

	default_ca = CA_default

	[ CA_default ]

	default_days = 365
	default_crl_days = 30
	default_md = sha256
	preserve = no
	nameopt = default_ca
	certopt = default_ca
	email_in_dn = no
	copy_extensions = copy
	unique_subject = no

	[ req ]

	default_bits = 4096
	default_keyfile = ssl-defaultkey.pem
	distinguished_name = distinguished_name
	x509_extensions = v3_ca
	req_extensions = v3_req
	string_mask = utf8only


	####################################################################
	[ distinguished_name ]

	# Variable name Prompt string
	#------------------------- ----------------------------------
	countryName = Country Name (2 letter code)
	countryName_min = 2
	countryName_max = 2
	countryName_default = US

	stateOrProvinceName = State or Province Name (full name)

	localityName = Locality Name (city, district)

	organizationName = Organization Name (company)
	organizationalUnitName = Organizational Unit Name (department, division)

	emailAddress = Email Address
	emailAddress_max = 40

	commonName = Common Name (hostname, IP, or your name)
	commonName_max = 64

	####################################################################

	[ signing_policy ]

	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	####################################################################

	[ v3_ca ]
	basicConstraints = CA:TRUE
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always,issuer:always
	keyUsage = keyCertSign, cRLSign

	####################################################################

	[ v3_req ]
	basicConstraints = CA:FALSE
	subjectKeyIdentifier = hash
	keyUsage = keyEncipherment, dataEncipherment, digitalSignature

	####################################################################

	[ sign_req ]
	basicConstraints = CA:FALSE
	subjectKeyIdentifier = hash
	keyUsage = keyEncipherment, dataEncipherment, digitalSignature
	authorityKeyIdentifier = keyid,issuer