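# OpenSSL configuration for the test root CA ("Testing Root CA").
# Everything lives under ./test_certs/rootCA; the settings below are chosen
# for test fixtures and are deliberately permissive.
# Syntax notes (OpenSSL config format): '#' starts a comment, $name expands a
# variable from the current or default section, $ENV::name reads the
# environment.

# Fallback used by $ENV::HOME when HOME is not set in the environment.
HOME = .
RANDFILE = $ENV::HOME/.rnd

[ ca ]
# The default ca section
default_ca = CA_default

[ CA_default ]

# Where everything is kept
dir = ./test_certs/rootCA
# Where the issued certs are kept
certs = $dir/certs
# Where the issued CRLs are kept
crl_dir = $dir/crl
# Database index file
database = $dir/index.txt
# Set to 'no' to allow creation of several certificates with the same subject.
#unique_subject = no
# Default place for new certs
new_certs_dir = $dir/newcerts
# The CA certificate
certificate = $dir/cacert.pem
# The current serial number
serial = $dir/serial
# The current CRL number; must be commented out to leave a V1 CRL
crlnumber = $dir/crlnumber
# The current CRL
crl = $dir/crl.pem
# The CA private key. [ req ] sets encrypt_key = no, so a key generated with
# this file is stored unencrypted; file permissions are its only protection.
private_key = $dir/private/cakey.pem
# Private random number file
RANDFILE = $dir/private/.rand
# The extensions to add to each issued certificate
x509_extensions = usr_cert
# Subject Name options
name_opt = ca_default
# Certificate field options
cert_opt = ca_default

# We need this to support the SubjectAltNames in tests.
# 'copy' adds every extension from the request that the certificate does not
# already carry, so the requester controls those extensions (SAN, keyUsage,
# ...). Outside a test CA, requests must be reviewed before signing.
copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext

# Validity of issued certificates in days (about three years).
# NOTE(review): the original comment here read "Already expired", which this
# value does not produce by itself; confirm whether the test scripts set
# explicit start/end dates when an expired certificate is needed.
default_days = 1095
# Days until the next CRL is due. Three years is only reasonable for fixtures:
# a relying party may treat the CRL as current for that whole period.
default_crl_days = 1095
# Use the public key's default message digest
default_md = default
# 'no' means the passed DN ordering is not kept
preserve = no

policy = policy_anything

# Subject policy applied by 'openssl ca': only commonName has to be present
# and no field has to match the CA's own DN, so any subject is accepted.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional


[ req ]
# Take the subject from req_distinguished_name instead of prompting
prompt = no
default_bits = 2048
default_keyfile = 2.key
# Write the generated private key without a passphrase (test convenience)
encrypt_key = no
distinguished_name = req_distinguished_name

string_mask = utf8only

req_extensions = v3_req

[ req_distinguished_name ]
O = SWI-Prolog
L = Edinburgh
ST = Scotland
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB.
# "UK" is left unchanged because the tests may depend on this exact subject.
C = UK
CN = Testing Root CA

# Extensions placed in certificate requests made with this file.
[ v3_req ]

basicConstraints = CA:TRUE
# NOTE(review): keyCertSign and cRLSign are absent although CA:TRUE is
# requested. A certificate carrying this keyUsage is not accepted as an issuer
# by validators that enforce key usage; confirm this is intended.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Extensions added to every certificate signed through [ CA_default ].
[ usr_cert ]
# NOTE(review): every issued certificate is marked as a CA, with no pathlen
# limit, so each one can in turn issue certificates. Confirm the tests need
# this; a leaf certificate would normally use CA:FALSE.
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

# Not referenced by any key in this file; presumably selected with
# -extensions v3_ca on the command line (TODO confirm).
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true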