patrickberkeley/ubuntu sample caconfig

## ubuntu sample caconfig
# My sample caconfig.cnf file.
#
# Default configuration to use when one is not provided on the command line.
#
[ ca ]
default_ca      = local_ca
#
#
# Default location of directories and files needed to generate certificates.
#
[ local_ca ]
dir             = /home/<username>/myCA
certificate     = $dir/cacert.pem
database        = $dir/index.txt
new_certs_dir   = $dir/signedcerts
private_key     = $dir/private/cakey.pem
serial          = $dir/serial
#
#
# Default expiration and encryption policies for certificates.
#
default_crl_days        = 365
default_days            = 1825
default_md              = md5
#
policy          = local_ca_policy
x509_extensions = local_ca_extensions
#
#
# Default policy to use when generating server certificates.  The following
# fields must be defined in the server certificate.
#
[ local_ca_policy ]
commonName              = supplied
stateOrProvinceName     = supplied
countryName             = supplied
emailAddress            = supplied
organizationName        = supplied
organizationalUnitName  = supplied
#
#
# x509 extensions to use when generating server certificates.
#
[ local_ca_extensions ]
subjectAltName          = DNS:alt.tradeshowhell.com
basicConstraints        = CA:false
nsCertType              = server
#
#
# The default root certificate generation policy.
#
[ req ]
default_bits    = 2048
default_keyfile = /home/<username>/myCA/private/cakey.pem
default_md      = md5
#
prompt                  = no
distinguished_name      = root_ca_distinguished_name
x509_extensions         = root_ca_extensions
#
#
# Root Certificate Authority distinguished name.  Change these fields to match
# your local environment!
#
[ root_ca_distinguished_name ]
commonName              = MyOwn Root Certificate Authority
stateOrProvinceName     = NC
countryName             = US
emailAddress            = root@tradeshowhell.com
organizationName        = Trade Show Hell
organizationalUnitName  = IT Department
#
[ root_ca_extensions ]
basicConstraints        = CA:true
	# My sample caconfig.cnf file.
	#
	# Default configuration to use when one is not provided on the command line.
	#
	[ ca ]
	default_ca = local_ca
	#
	#
	# Default location of directories and files needed to generate certificates.
	#
	[ local_ca ]
	dir = /home/<username>/myCA
	certificate = $dir/cacert.pem
	database = $dir/index.txt
	new_certs_dir = $dir/signedcerts
	private_key = $dir/private/cakey.pem
	serial = $dir/serial
	#
	#
	# Default expiration and encryption policies for certificates.
	#
	default_crl_days = 365
	default_days = 1825
	default_md = md5
	#
	policy = local_ca_policy
	x509_extensions = local_ca_extensions
	#
	#
	# Default policy to use when generating server certificates. The following
	# fields must be defined in the server certificate.
	#
	[ local_ca_policy ]
	commonName = supplied
	stateOrProvinceName = supplied
	countryName = supplied
	emailAddress = supplied
	organizationName = supplied
	organizationalUnitName = supplied
	#
	#
	# x509 extensions to use when generating server certificates.
	#
	[ local_ca_extensions ]
	subjectAltName = DNS:alt.tradeshowhell.com
	basicConstraints = CA:false
	nsCertType = server
	#
	#
	# The default root certificate generation policy.
	#
	[ req ]
	default_bits = 2048
	default_keyfile = /home/<username>/myCA/private/cakey.pem
	default_md = md5
	#
	prompt = no
	distinguished_name = root_ca_distinguished_name
	x509_extensions = root_ca_extensions
	#
	#
	# Root Certificate Authority distinguished name. Change these fields to match
	# your local environment!
	#
	[ root_ca_distinguished_name ]
	commonName = MyOwn Root Certificate Authority
	stateOrProvinceName = NC
	countryName = US
	emailAddress = root@tradeshowhell.com
	organizationName = Trade Show Hell
	organizationalUnitName = IT Department
	#
	[ root_ca_extensions ]
	basicConstraints = CA:true