HIRS/package/scripts/pki/ca.conf


# Entry section for `openssl ca`: default_ca names the section that holds
# the CA's settings.
[ ca ]
default_ca = ca_default
# Settings for the CA selected by default_ca in [ ca ].
# NOTE(review): no x509_extensions default is set here, so the extension
# section ([ ca_extensions ], [ server_extensions ], [ signer_extensions ])
# is presumably chosen with -extensions by the calling scripts - confirm.
[ ca_default ]
# Relative paths: they resolve against the directory openssl is started
# from, so the caller's working directory decides which certificate store,
# index database and serial file are used.
new_certs_dir = ./ca/certs
database = ./ca/db
serial = ./ca/serial.txt
# Subject policy; see [ generic_policy ], where every field is optional.
policy = generic_policy
# Extensions carried in the CSR are copied into the certificate unless the
# extension section used for signing already sets them. Whatever that
# section leaves out (for example basicConstraints) is then decided by the
# request, so CSRs should be inspected before signing.
copy_extensions = copy
default_md = sha256
# Validity in days (about ten years) when no explicit lifetime is given.
default_days = 3650
# "no" allows several valid certificates that share the same subject.
unique_subject = no
# Settings for `openssl req`.
# NOTE(review): distinguished_name points at [ generic_policy ], which is
# written as a `ca` policy section (its values are "optional"), not as a
# prompt section. Presumably the scripts supply the subject with -subj so
# these values are never shown as prompts - confirm.
[ req ]
distinguished_name = generic_policy
# Subject policy referenced by [ ca_default ] (and reused by [ req ]).
# Every listed field is "optional": the CA neither requires a field nor
# matches it against its own subject, so the subject of an issued
# certificate is whatever the request contains.
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
# subjectAltName entries, pulled in by [ server_extensions ] through
# subjectAltName = @alternate_names.
# NOTE(review): DNS.3 places an IP address literal in a dNSName entry.
# Standard hostname verification compares IP addresses against iPAddress
# entries, which this syntax writes as `IP.1 = 127.0.0.1`. Verify whether
# connections made by IP address are expected to validate.
[ alternate_names ]
DNS.1 = localhost
DNS.2 = localhost.localdomain
DNS.3 = 127.0.0.1
# Extensions for CA certificates.
# NOTE(review): keyUsage and basicConstraints are each assigned twice in
# this section. OpenSSL's config loader is expected to keep only the last
# assignment of a name within a section, which would make the effective
# values
#   basicConstraints = critical,CA:true            (no pathlen limit)
#   keyUsage = critical, digitalSignature, cRLSign, keyCertSign
# and silently drop pathlen:1 together with nonRepudiation and
# keyEncipherment from the earlier lines. Confirm on an issued CA
# certificate with `openssl x509 -noout -text`, then delete whichever pair
# is not intended so the file states a single answer.
# NOTE(review): the authorityInfoAccess and crlDistributionPoints URLs use
# example.com, a reserved documentation domain, so they look like
# placeholders. A relying party that fetches CRLs or issuer certificates
# from them will get no usable data.
[ ca_extensions ]
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,keyCertSign
basicConstraints = critical,CA:true,pathlen:1
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical,CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
authorityInfoAccess = caIssuers;URI:https://example.com/certs
crlDistributionPoints = URI:https://example.com/crl
# Extensions for TLS end-entity certificates; extendedKeyUsage allows both
# server and client authentication, and the SAN list comes from
# [ alternate_names ].
# NOTE(review): this section sets no basicConstraints while [ ca_default ]
# uses copy_extensions = copy, so a basicConstraints extension in the CSR
# would be copied into the certificate. The openssl-ca documentation
# recommends pinning it in the config, e.g.
# `basicConstraints = critical,CA:FALSE`.
# NOTE(review): the example.com URLs look like placeholders - confirm they
# are replaced before certificates are issued for real use.
[ server_extensions ]
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
authorityInfoAccess = caIssuers;URI:https://example.com/certs
crlDistributionPoints = URI:https://example.com/crl
subjectAltName = @alternate_names
# Extensions for signing (non-CA) certificates.
# NOTE(review): keyUsage is assigned twice. OpenSSL's config loader is
# expected to keep only the last assignment, which would make the
# effective value `critical, digitalSignature` and drop nonRepudiation and
# keyEncipherment from the first line. Confirm on an issued certificate
# and remove the line that is not intended.
# NOTE(review): no basicConstraints is set here while [ ca_default ] uses
# copy_extensions = copy, so a basicConstraints extension in the CSR would
# be copied into the certificate. Consider
# `basicConstraints = critical,CA:FALSE`.
# NOTE(review): the caIssuers URI ends in "/" here but not in the other
# extension sections, and example.com looks like a placeholder - confirm.
[ signer_extensions ]
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature
authorityInfoAccess = caIssuers;URI:https://example.com/certs/
crlDistributionPoints = URI:https://example.com/crl