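# OpenSSL configuration for a test root CA (subject CN "Testing Root CA",
# working directory ./test_certs/rootCA).
#
# NOTE(review): several settings below are only reasonable for throwaway test
# material: an unencrypted private key (encrypt_key = no), a permissive
# issuance policy (policy_anything), request extensions copied verbatim
# (copy_extensions = copy) and CA:TRUE on every issued certificate
# ([ usr_cert ]). Do not reuse this file for a CA whose certificates are
# trusted outside the test suite.

# Fallback so that $ENV::HOME below still expands when HOME is not set.
HOME                    = .
RANDFILE                = $ENV::HOME/.rnd

[ ca ]
default_ca              = CA_default            # The default ca section

[ CA_default ]

dir                     = ./test_certs/rootCA   # Where everything is kept
certs                   = $dir/certs            # Where the issued certs are kept
crl_dir                 = $dir/crl              # Where the issued crl are kept
database                = $dir/index.txt        # database index file.
#unique_subject         = no                    # Set to 'no' to allow creation of
                                                # several certificates with same subject.
new_certs_dir           = $dir/newcerts         # default place for new certs.
certificate             = $dir/cacert.pem       # The CA certificate
serial                  = $dir/serial           # The current serial number
crlnumber               = $dir/crlnumber        # the current crl number
                                                # must be commented out to leave a V1 CRL
crl                     = $dir/crl.pem          # The current CRL
private_key             = $dir/private/cakey.pem# The private key
RANDFILE                = $dir/private/.rand    # private random number file
x509_extensions         = usr_cert              # The extensions to add to the cert
name_opt                = ca_default            # Subject Name options
cert_opt                = ca_default            # Certificate field options

# We need this to support the SubjectAltNames in tests.
# NOTE(review): "copy" places every extension from the request that the CA
# section does not set itself into the issued certificate, not just
# subjectAltName. With a real CA the requester would then control fields such
# as keyUsage or extendedKeyUsage; there, list the permitted extensions in the
# CA's extension section and inspect each request before signing.
copy_extensions         = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions        = crl_ext

# NOTE(review): this value used to be commented "Already expired", which it
# does not produce: a certificate signed with this default is valid for 1095
# days from signing. An expired test certificate has to come from -days,
# -startdate or -enddate on the command line. Confirm against the script
# that invokes openssl.
default_days            = 1095                  # validity of issued certs, in days
default_crl_days        = 1095                  # how long before next CRL
default_md              = default               # use public key default MD
preserve                = no                    # keep passed DN ordering

# Only commonName is required; no subject field has to match the CA's own.
policy                  = policy_anything

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional


[ req ]
prompt                  = no
default_bits            = 2048
default_keyfile         = 2.key
# The generated private key is written without a passphrase; keep it out of
# anything but the test tree.
encrypt_key             = no
distinguished_name      = req_distinguished_name

string_mask             = utf8only

req_extensions          = v3_req

[ req_distinguished_name ]
O=SWI-Prolog
L=Edinburgh
ST=Scotland
# NOTE(review): the ISO 3166-1 code for the United Kingdom is GB, not UK.
# Left unchanged because existing test certificates and assertions may match
# on this subject.
C=UK
CN=Testing Root CA

[ v3_req ]

# NOTE(review): these are requested for a CA (CA:TRUE), but keyUsage lacks
# keyCertSign and cRLSign, and basicConstraints is not marked critical.
# Verifiers that enforce key usage will not accept a certificate carrying
# this keyUsage as an issuer. Whether these request extensions reach the
# final certificate depends on how it is signed, which this file does not
# show.
basicConstraints = CA:TRUE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ usr_cert ]
# NOTE(review): applied to every certificate issued through [ CA_default ]
# (x509_extensions = usr_cert), so each issued certificate is itself a CA
# with no pathlen limit. Presumably intended for building test chains; a
# leaf certificate would use CA:FALSE.
basicConstraints=CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

# Not referenced by any key in this file; presumably selected with
# -extensions v3_ca on the command line.
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true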