# OpenSSL root CA configuration file. [ ca ] # `man ca` default_ca = CA_default [ CA_default ] # Directory and file locations. dir = ./myCA/rootCA certs = $dir/certs crl_dir = $dir/crl new_certs_dir = $dir/newcerts database = $dir/index/index.txt serial = $dir/serial RANDFILE = $dir/private/.rand # The root key and root certificate. private_key = $dir/private/falcon512_CA.key certificate = $dir/certs/falcon512_CA.crt # For certificate revocation lists. crlnumber = $dir/crlnumber crl = $dir/crl/ca.crl.pem crl_extensions = crl_ext default_crl_days = 30 default_md = sha256 name_opt = ca_default cert_opt = ca_default default_days = 375 preserve = no policy = policy_strict [ policy_strict ] # The root CA should only sign intermediate certificates that match. # See the POLICY FORMAT section of `man ca`. countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 2048 distinguished_name = req_distinguished_name string_mask = utf8only default_md = sha256 prompt = no # Extension to add when the -x509 option is used. x509_extensions = v3_ca [ req_distinguished_name ] commonName = JS_master_thesis countryName = SK stateOrProvinceName = Kosice #localityName = Locality Name 0.organizationName = TUKE #organizationalUnitName = Organizational Unit Name #emailAddress = Email Address [ v3_ca ] # Extensions for a typical CA (`man x509v3_config`). subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:true keyUsage = critical, digitalSignature, cRLSign, keyCertSign [ v3_intermediate_ca ] # Extensions for a typical intermediate CA (`man x509v3_config`). subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:true, pathlen:0 keyUsage = critical, digitalSignature, cRLSign, keyCertSign [ crl_ext ] # Extension for CRLs (`man x509v3_config`). authorityKeyIdentifier=keyid:always,issuer