#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#

# Seed file for the random number generator. The path is relative, so it is
# presumably resolved against the working directory of the command that reads
# this file.
# NOTE(review): keep the seed file out of shared or world-readable
# directories; it feeds key generation.
RANDFILE = .rnd

####################################################################
[ ca ]
# Names the section that holds the CA settings ([ CA_default ] in this file).
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

# NOTE(review): the paths below use a single backslash as the separator. In
# OpenSSL's configuration syntax the backslash is an escape character (\n, \r,
# \b and \t are recognised), so a value such as "$dir\newcerts" may not expand
# to the intended directory. Confirm against the consuming toolkit; forward
# slashes avoid the question.
dir = demoCA # Where everything is kept
certs = $dir\certs # Where the issued certs are kept
crl_dir = $dir\crl # Where the issued crl are kept
database = $dir\index.txt # database index file.
new_certs_dir = $dir\newcerts # default place for new certs.

certificate = $dir\cacert.pem # The CA certificate
serial = $dir\serial # The current serial number
crl = $dir\crl.pem # The current CRL
# The CA signing key. Whoever can read this file can issue certificates under
# this CA, so restrict the directory to the CA operator account.
private_key = $dir\private\cakey.pem # The private key
RANDFILE = $dir\private\private.rnd # private random number file

x509_extensions = x509v3_extensions # The extensions to add to the cert
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
# NOTE(review): MD5 is not collision resistant and should not be used to sign
# certificates or CRLs. Use the strongest digest the consuming toolkit
# supports (SHA-256 where available).
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match

# For the CA policy
# NOTE(review): despite the section name, no field here is set to "match".
# Every field is optional except commonName, which only has to be present, so
# this policy does not require a request's DN to agree with the CA's own DN in
# any attribute. Set fields such as countryName or organizationName to "match"
# if that restriction is intended.
# localityName is not listed; OpenSSL's ca command drops DN fields that the
# policy does not mention -- confirm that this is wanted.
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
# Accepts any subject DN as long as a commonName is supplied; nothing has to
# agree with the CA's own DN. [ CA_default ] in this file selects policy_match,
# so this section is only used when a caller picks it explicitly.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

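####################################################################
[ req ]
# RSA modulus size, in bits, for newly generated keys. Raised from 1024:
# 1024-bit RSA is below current minimum recommendations and is refused by
# many CAs and TLS stacks.
default_bits = 2048
# File the generated private key is written to (relative path). Protect it
# with a passphrase or restrictive file permissions.
default_keyfile = privkey.pem
# Section that defines the subject DN prompts.
distinguished_name = req_distinguished_name
# Section that defines the request attributes.
attributes = req_attributes
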
# Prompts shown when a certificate request is built. Each value is the prompt
# text; the _min and _max keys bound the length of the entered value.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)

localityName = Locality Name (eg, city)

# The "0." prefix presumably allows the same field name to be listed more than
# once in this section -- confirm against the toolkit documentation.
0.organizationName = Organization Name (eg, company)

organizationalUnitName = Organizational Unit Name (eg, section)

# For a server certificate this is the name clients compare with the host they
# connect to, so it has to be the exact name the site is reached by.
commonName = Common Name (eg, your website's domain name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

# Attributes added to the certificate request.
# NOTE(review): a challenge password is stored unencrypted inside the request
# and is readable by anyone who handles the CSR. Never enter a password that
# is used anywhere else.
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

# Extensions added to every certificate issued through [ CA_default ]
# (referenced there by x509_extensions).
# NOTE(review): no basicConstraints or keyUsage extension is set here, so
# issued certificates carry no explicit CA:FALSE marker. Add one if the
# consuming toolkit supports it.
[ x509v3_extensions ]

# under ASN.1, the 0 bit would be encoded as 80
# 0x40 therefore sets bit 1 of the Netscape certificate-type bit string, which
# is the "SSL server" flag.
# NOTE(review): the numeric form is legacy syntax; verify that the consuming
# toolkit still accepts it.
nsCertType = 0x40

# Other Netscape extensions, left disabled.
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType
