]> git.somenet.org - somenet/certgen.git/blob - openssl.cnf
support creating a CA and using a previously generated ca to sign new certs.
[somenet/certgen.git] / openssl.cnf
1 #
2 # OpenSSL example configuration file.
3
4 HOME            = .
5 RANDFILE        = $ENV::HOME/.rnd
6
7 ####################################################################
8 [ ca ]
9 default_ca  = CA_default        # The default ca section
10
11 [ CA_default ]
12 default_days            = 365          # how long to certify for
13 default_crl_days        = 365            # how long before next CRL
14 default_md                      = sha512        # use public key default MD
15 preserve                        = no            # keep passed DN ordering
16
17 x509_extensions         = ca_extensions     # The extensions to add to the cert
18
19 unique_subject  = no
20 email_in_dn             = no            # Don't concat the email in the DN
21 copy_extensions = copyall          # Required to copy SANs from CSR to cert
22
23 dir             = ${ENV::CA_PATH}
24 new_certs_dir   = $dir/certs
25 database        = $dir/index.txt
26 serial          = $dir/serial
27 certificate     = $dir/ca.crt
28
29 policy          = policy_match
30
31 [ policy_match ]
32 organizationName        = match
33 countryName             = optional
34 stateOrProvinceName     = optional
35 localityName            = optional
36 organizationalUnitName  = optional
37 commonName              = supplied
38 emailAddress            = optional
39
40 ####################################################################
41 [ req ]
42 default_bits            = 4096
43 distinguished_name      = req_distinguished_name
44 string_mask                     = utf8only
45 default_md                      = sha512
46 x509_extensions         = v3_ca
47 req_extensions          = v3_req
48
49 ####################################################################
50 [ req_distinguished_name ]
51 0.organizationName                      = Organization Name (eg, company)
52 0.organizationName_default      = somenet.org
53
54 organizationalUnitName          = Organizational Unit Name (eg, section)
55 organizationalUnitName_default  = CertGen
56
57 commonName                                      = Common Name (e.g. server FQDN or YOUR name)
58 commonName_max                          = 64
59
60 emailAddress                            = Email Address
61 emailAddress_max                        = 64
62
63 ####################################################################
64 [ v3_req ]
65 basicConstraints = CA:FALSE
66 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
67 subjectAltName = @alt_names
68
69 ####################################################################
70 [ v3_ca ]
71 subjectKeyIdentifier = hash
72 authorityKeyIdentifier = keyid:always,issuer
73 basicConstraints = CA:true
74
75 ####################################################################
76 [ v3_ca_req ]
77 basicConstraints = CA:true
78 keyUsage = keyCertSign, cRLSign
79
80 ####################################################################
81
82 # ALT_NAMES MUST BE THE LAST LINE.
83 [alt_names]
84