2 # OpenSSL example configuration file.
5 RANDFILE = $ENV::HOME/.rnd
7 ####################################################################
9 default_ca = CA_default # The default ca section
12 default_days = 365 # how long to certify for
13 default_crl_days = 365 # how long before next CRL
14 default_md = sha512 # use public key default MD
15 preserve = no # keep passed DN ordering
18 email_in_dn = no # Don't concat the email in the DN
19 copy_extensions = copyall # Required to copy SANs from CSR to cert
22 new_certs_dir = $dir/certs
23 database = $dir/index.txt
25 certificate = $dir/ca.crt
27 x509_extensions = ca_extensions
31 crlDistributionPoints=URI:http://www.somenet.org/somenet.crl
34 organizationName = match
35 countryName = optional
36 stateOrProvinceName = optional
37 localityName = optional
38 organizationalUnitName = optional
40 emailAddress = optional
42 ####################################################################
45 distinguished_name = req_distinguished_name
46 string_mask = utf8only
48 x509_extensions = v3_ca
49 req_extensions = v3_req
51 ####################################################################
52 [ req_distinguished_name ]
53 0.organizationName = Organization Name (eg, company)
54 0.organizationName_default = somenet.org
56 organizationalUnitName = Organizational Unit Name (eg, section)
57 organizationalUnitName_default = CertGen
59 commonName = Common Name (e.g. server FQDN or YOUR name)
62 emailAddress = Email Address
65 ####################################################################
67 basicConstraints = CA:FALSE
68 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
69 subjectAltName = @alt_names
71 ####################################################################
73 subjectKeyIdentifier = hash
74 authorityKeyIdentifier = keyid:always,issuer
75 basicConstraints = CA:true
77 ####################################################################
79 basicConstraints = CA:true
80 keyUsage = keyCertSign, cRLSign
82 ####################################################################
84 # ALT_NAMES MUST BE THE LAST LINE.