# Entry section read by `openssl ca`; it only names the section that holds
# the actual CA settings.
[ ca ]
default_ca = ca_default
# CA settings selected through default_ca in [ ca ].
# NOTE(review): no CA certificate or private key is named in this section,
# so they are presumably passed on the command line - confirm.
[ ca_default ]
# Directory that receives a copy of each issued certificate. The three
# paths below are relative, so the working directory matters.
new_certs_dir = ./ca/certs
# Text index of the certificates this CA has issued.
database = ./ca/db
# File holding the next serial number to assign.
serial = ./ca/serial.txt
# Section that says which subject fields a request must or may carry.
policy = generic_policy
# "copy" takes every extension from the CSR that the signing extension
# section does not set itself (for example basicConstraints or
# subjectAltName). Those values come from the requester, so each extension
# section used with this CA should pin the ones that matter, and requests
# should be inspected before they are signed.
copy_extensions = copy
# Digest used for the certificate signature.
default_md = sha256
# Validity in days (about ten years) applied to every certificate signed
# with this section unless overridden when signing.
default_days = 3650
# Permit several valid certificates with the same subject.
unique_subject = no
# Settings for `openssl req`.
[ req ]
# Reuses the CA policy section as the subject-field section.
# NOTE(review): req treats the values in that section as prompt text, so
# each prompt would read "optional"; presumably subjects are supplied
# non-interactively - confirm.
distinguished_name = generic_policy
# Subject policy referenced by `policy` in [ ca_default ] (and reused by
# [ req ]). Every field is optional, so the CA places no requirement on the
# subject of a request: nothing has to be present and nothing has to match
# the CA's own subject. Fields not listed here are dropped from the issued
# subject.
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
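# subjectAltName entries, referenced as @alternate_names from
# [ server_extensions ].
[ alternate_names ]
DNS.1 = localhost
DNS.2 = localhost.localdomain
# An IP literal in a dNSName entry is not matched by verifiers that compare
# IP addresses against iPAddress entries only. The DNS entry is kept for
# clients that already rely on it; IP.1 adds the proper iPAddress entry.
DNS.3 = 127.0.0.1
IP.1 = 127.0.0.1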
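# Extensions for the CA certificate.
#
# This section used to assign keyUsage and basicConstraints twice. OpenSSL
# keeps the last assignment of a repeated name within a section, so the
# earlier lines
#   keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,keyCertSign
#   basicConstraints = critical,CA:true,pathlen:1
# never took effect. Only the effective values are kept below.
# NOTE(review): the shadowed basicConstraints carried pathlen:1. Without it
# the CA certificate places no limit on the depth of subordinate CAs; if a
# limit was intended, add the pathlen to the line below.
[ ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical,CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
# example.com is a placeholder host. RFC 5280 section 8 advises against
# https URIs in these two extensions, because fetching them needs a TLS
# certificate that may itself depend on the data being fetched.
authorityInfoAccess = caIssuers;URI:https://example.com/certs
crlDistributionPoints = URI:https://example.com/crl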
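# Extensions for TLS leaf certificates (server and client authentication).
[ server_extensions ]
# Pin leaf status here. [ ca_default ] sets copy_extensions = copy, which
# takes any extension this section leaves unset from the CSR; without this
# line a request carrying basicConstraints CA:true would have it copied
# into the issued certificate.
basicConstraints = critical,CA:false
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
# example.com is a placeholder host. RFC 5280 section 8 advises against
# https URIs in these two extensions (circular dependency on TLS).
authorityInfoAccess = caIssuers;URI:https://example.com/certs
crlDistributionPoints = URI:https://example.com/crl
# Every certificate signed with this section gets the names listed in
# [ alternate_names ]; because the extension is set here, a subjectAltName
# in the CSR is not copied.
subjectAltName = @alternate_names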
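# Extensions for signing (non-CA) certificates.
#
# This section used to assign keyUsage twice. OpenSSL keeps the last
# assignment of a repeated name within a section, so the earlier line
#   keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment
# never took effect. Only the effective value is kept below.
[ signer_extensions ]
# Pin leaf status here. [ ca_default ] sets copy_extensions = copy, which
# takes any extension this section leaves unset from the CSR; without this
# line a request carrying basicConstraints CA:true would have it copied
# into the issued certificate.
basicConstraints = critical,CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature
# example.com is a placeholder host. RFC 5280 section 8 advises against
# https URIs in these two extensions (circular dependency on TLS).
# NOTE(review): this caIssuers URI ends in a slash, while the same URI in
# the other extension sections does not - confirm which form is intended.
authorityInfoAccess = caIssuers;URI:https://example.com/certs/
crlDistributionPoints = URI:https://example.com/crl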