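# OpenSSL configuration: certificate request sections, end-entity and CA
# extension profiles, and a demoCA-style `ca` section.
# NOTE(review): the names used here ("Dodgy CA", ./demoCA) suggest a test
# fixture. Unencrypted private keys and policy_anything are not suitable for a
# production CA - confirm this file is never used outside tests.

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

# Fallback for $ENV::CN2 (see [ user_dn ]) when the CN2 environment variable
# is not set.
CN2 = Brother 2

####################################################################
[ req ]
distinguished_name = req_distinguished_name
# The generated private key is written without a passphrase.
encrypt_rsa_key = no
# SHA-256 rather than SHA-1: SHA-1 is no longer collision resistant and
# SHA-1-signed certificates are commonly rejected by verifiers. This also
# matches [ userreq ].
default_md = sha256

# Each field has a prompt string and a *_value entry that supplies its content.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = AU
organizationName = Organization Name (eg, company)
organizationName_value = Dodgy Brothers
commonName = Common Name (eg, YOUR name)
commonName_value = Dodgy CA

####################################################################
[ userreq ]
distinguished_name = user_dn
# The generated private key is written without a passphrase.
encrypt_rsa_key = no
default_md = sha256
# No prompting: the subject is taken directly from [ user_dn ].
prompt = no

[ user_dn ]
countryName = AU
organizationName = Dodgy Brothers
# The numeric prefixes allow two commonName entries in the same subject.
0.commonName = Brother 1
# Taken from the environment, so whoever controls CN2 controls this subject
# field. Falls back to the CN2 value defined at the top of the file.
1.commonName = $ENV::CN2

# Section with no entries.
[ empty ]

# End-entity profile (not a CA): signing plus key encipherment.
[ v3_ee ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# End-entity profile limited to signature usages.
[ v3_ee_dsa ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature

# End-entity profile: signing plus key agreement.
[ v3_ee_ec ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyAgreement

####################################################################
[ ca ]
default_ca = CA_default

[ CA_default ]
dir = ./demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
# CA signing key. NOTE(review): restrict file permissions on this path.
private_key = $dir/private/cakey.pem
# NOTE(review): the default extension section is the CA profile, so a
# certificate issued without an explicit -extensions choice gets CA:true.
# Select a v3_ee* section when issuing end-entity certificates.
x509_extensions = v3_ca
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days = 30
# SHA-256 rather than SHA-1 for certificates and CRLs signed by this CA
# (same reasoning as in [ req ]).
default_md = sha256
preserve = no
# Permissive policy: see [ policy_anything ].
policy = policy_anything

# Only commonName must be present in a request; no field has to match the CA's
# own subject, so this CA will sign a request for any name.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# CA profile: critical basicConstraints, with pathlen:1 allowing one further
# level of subordinate CA.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true,pathlen:1
# NOTE(review): keyUsage is not marked critical here; RFC 5280 recommends that
# CAs mark it critical - confirm whether this is intentional.
keyUsage = cRLSign, keyCertSign
issuerAltName = issuer:copy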