mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-04 20:24:18 +00:00
54 lines
1.6 KiB
Plaintext
54 lines
1.6 KiB
Plaintext
[ ca ]
|
|
default_ca = ca_default
|
|
|
|
[ ca_default ]
|
|
new_certs_dir = ./ca/certs
|
|
database = ./ca/db
|
|
serial = ./ca/serial.txt
|
|
policy = generic_policy
|
|
copy_extensions = copy
|
|
default_md = sha256
|
|
default_days = 3650
|
|
unique_subject = no
|
|
|
|
[ req ]
|
|
distinguished_name = generic_policy
|
|
|
|
[ generic_policy ]
|
|
countryName = optional
|
|
stateOrProvinceName = optional
|
|
localityName = optional
|
|
organizationName = optional
|
|
organizationalUnitName = optional
|
|
commonName = optional
|
|
emailAddress = optional
|
|
|
|
[ ca_extensions ]
|
|
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,keyCertSign
|
|
basicConstraints = critical,CA:true,pathlen:1
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer
|
|
basicConstraints = critical,CA:true
|
|
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
|
authorityInfoAccess = caIssuers;URI:https://example.com/certs
|
|
crlDistributionPoints = URI:https://example.com/crl
|
|
|
|
[ server_extensions ]
|
|
keyUsage = critical,digitalSignature,keyEncipherment
|
|
basicConstraints = CA:false
|
|
extendedKeyUsage = serverAuth,clientAuth
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always
|
|
authorityInfoAccess = caIssuers;URI:https://example.com/certs
|
|
crlDistributionPoints = URI:https://example.com/crl
|
|
|
|
[ signer_extensions ]
|
|
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer
|
|
basicConstraints = critical,CA:false
|
|
keyUsage = critical, digitalSignature
|
|
authorityInfoAccess = caIssuers;URI:https://example.com/certs/
|
|
crlDistributionPoints = URI:https://example.com/crl
|
|
|