#
# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.  Oracle designates this
# particular file as subject to the "Classpath" exception as provided
# by Oracle in the LICENSE file that accompanied this code.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#

#
# OpenSSL configuration file.
#
# The keys below sit in the unnamed default section, so every named
# section that follows can see them.

# Fallback so that $ENV::HOME-style references do not fail when HOME is unset.
HOME = .
# Seed file for the random number generator, kept under the user's home.
RANDFILE = $ENV::HOME/.rnd

# Settings for `openssl ca`: default_ca names the CA section that is used
# when the command line does not pick one with -name.
[ ca ]
default_ca = CA_default

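# CA profile rooted at ./top; this is the section [ ca ] selects by default.
[ CA_default ]
dir = ./top
certs = $dir/certs
crl_dir = $dir/crl
# Text database of the certificates this CA has issued.
database = $dir/index.txt
# Allow several valid certificates to carry the same subject DN.
unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
# CA signing key: the private/ directory should be readable by the CA
# operator only.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
# Certificates issued from this section get the v3_ca extensions, i.e. they
# are themselves CA certificates (CA:true).
x509_extensions = v3_ca

name_opt = ca_default
cert_opt = ca_default

# Validity of issued certificates in days (about 21 years).
default_days = 7650
# Days until the next CRL is due.
default_crl_days = 30
# Signature digest. SHA-1 is no longer collision resistant and many
# validators reject SHA-1 signed certificates, so sign with SHA-256.
# A -md option on the command line still overrides this value.
default_md = sha256
# Do not keep the DN field order of the request; follow the policy section.
preserve = no

# Permissive policy: a request only has to supply commonName.
policy = policy_anything
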
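# CA profile rooted at ./root; select it with `openssl ca -name ca_top`.
[ ca_top ]
dir = ./root
certs = $dir/certs
crl_dir = $dir/crl
# Text database of the certificates this CA has issued.
database = $dir/index.txt
# Allow several valid certificates to carry the same subject DN.
unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
# CA signing key: the private/ directory should be readable by the CA
# operator only.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand

# Certificates issued from this section get the v3_ca extensions, i.e. they
# are themselves CA certificates (CA:true).
x509_extensions = v3_ca

name_opt = ca_default
cert_opt = ca_default

# Validity of issued certificates in days (about 21 years).
default_days = 7650
# Days until the next CRL is due.
default_crl_days = 30
# Signature digest. SHA-1 is no longer collision resistant and many
# validators reject SHA-1 signed certificates, so sign with SHA-256.
# A -md option on the command line still overrides this value.
default_md = sha256
# Do not keep the DN field order of the request; follow the policy section.
preserve = no

# Permissive policy: a request only has to supply commonName.
policy = policy_anything
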
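# CA profile rooted at ./subca; select it with `openssl ca -name ca_subca`.
[ ca_subca ]
dir = ./subca
certs = $dir/certs
crl_dir = $dir/crl
# Text database of the certificates this CA has issued.
database = $dir/index.txt
# Allow several valid certificates to carry the same subject DN.
unique_subject = no
new_certs_dir = $dir/newcerts

certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
# CA signing key: the private/ directory should be readable by the CA
# operator only.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand

# Unlike the other CA sections in this file, certificates issued here get
# the usr_cert extensions by default rather than v3_ca.
x509_extensions = usr_cert

name_opt = ca_default
cert_opt = ca_default

# Validity of issued certificates in days (about 21 years).
default_days = 7650
# Days until the next CRL is due.
default_crl_days = 30
# Signature digest. SHA-1 is no longer collision resistant and many
# validators reject SHA-1 signed certificates, so sign with SHA-256.
# A -md option on the command line still overrides this value.
default_md = sha256
# Do not keep the DN field order of the request; follow the policy section.
preserve = no

# Permissive policy: a request only has to supply commonName.
policy = policy_anything
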
# Strict request policy: "match" fields must equal the CA certificate's
# value, "supplied" fields must be present, "optional" fields may be absent.
# No CA section in this file refers to this policy.
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Permissive request policy used by all three CA sections in this file:
# only commonName has to be present, and nothing has to match the CA's DN.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

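# Defaults for `openssl req` (key and certificate request generation).
[ req ]
# RSA key size in bits when the command line gives no explicit size.
# 1024-bit RSA is below current minimum recommendations, so default to 2048;
# an explicit `-newkey rsa:N` still overrides this value.
default_bits = 2048
# File the generated private key is written to when -keyout is not given.
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
# Extensions added to self-signed certificates created with `req -x509`;
# v3_ca makes those certificates CA certificates.
x509_extensions = v3_ca

# Restrict DN string types to PrintableString/T61String (no BMPString or
# UTF8String).
string_mask = nombstr
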
# Prompts, defaults and length limits for the subject DN fields requested
# by `openssl req`. A key without a suffix is the prompt text; _default,
# _min and _max qualify the same field.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = NO
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = A-State

localityName = Locality Name (eg, city)

# The "0." prefix lets the same field name appear more than once in a DN.
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 64

# Optional attributes placed in the certificate request itself.
# The challenge password is stored in the request unencrypted, so it should
# not be a secret that is reused anywhere else.
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

# Extensions for certificates issued through [ ca_subca ], which names this
# section in x509_extensions. No basicConstraints extension is set here.
[ usr_cert ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

# Extension set for a non-CA certificate or request. Nothing in this file
# refers to it, so presumably it is selected on the command line.
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# NOTE(review): the ":true" suffix on the RID entry does not look like part
# of an object identifier; confirm that it is intentional.
subjectAltName = email:example@openjdk.net, RID:1.2.3.4:true

# Extensions for CA certificates: used by [ req ] for self-signed
# certificates and by the [ CA_default ] and [ ca_top ] profiles.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true
# Certificate signing only: cRLSign is not granted here, so a certificate
# with these extensions is not marked as a CRL signer.
keyUsage = keyCertSign

# CA extensions with a name constraint: subject names of type registeredID
# equal to 1.2.3.4.5 are excluded for certificates below this CA.
[ cert_issuer ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true
keyUsage = keyCertSign
# NOTE(review): RFC 5280 requires conforming CAs to mark nameConstraints as
# critical; it is non-critical here. Confirm that this is deliberate before
# copying this section into a CA that is not a test fixture.
nameConstraints = excluded;RID:1.2.3.4.5

# Extensions for a certificate whose key is only allowed to sign CRLs.
# No basicConstraints extension is set in this section.
[ crl_issuer ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = cRLSign

# CRL extensions: identify the issuing key by key id and by issuer name and
# serial number, failing if either cannot be included.
[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always

# Extensions for a certificate without a subjectAltName; judging by the
# section name, an end entity under the sub CA.
[ ee_of_subca ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

# Same key usage as [ ee_of_subca ], plus a registeredID subjectAltName of
# 1.2.3.4. That value differs from the 1.2.3.4.5 excluded by the
# nameConstraints in [ cert_issuer ].
[ alice_of_subca ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
subjectAltName = RID:1.2.3.4

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

# Same key usage as [ ee_of_subca ], plus a registeredID subjectAltName of
# 1.2.3.4.5. That is exactly the value excluded by the nameConstraints in
# [ cert_issuer ], so a validator that enforces the constraint should reject
# this certificate under such an issuer.
[ susan_of_subca ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
subjectAltName = RID:1.2.3.4.5

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
