# OpenSSL configuration for the intermediate CA.
# The sections below are consumed by the `ca` and `req` tools.

[ ca ]
# Points `openssl ca` at the section holding the CA settings (`man ca`).
default_ca = CA_default

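[ CA_default ]
# Working directory of this CA; every path below is derived from it.
dir = ./myCA/intermediateCA
certs = $dir/certs
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts
database = $dir/index/index.txt
serial = $dir/serial
RANDFILE = $dir/private/.rand

# Signing key and certificate of this intermediate CA (not the root CA).
# The private/ directory should be readable by the CA operator only.
private_key = $dir/private/falcon512_intCA.key
certificate = $dir/certs/falcon512_intCA.crt

# Certificate revocation lists.
crlnumber = $dir/crl/crlnumber
crl = $dir/crl/intermediate.crl.pem
crl_extensions = crl_ext
# Days until the next CRL is due.
default_crl_days = 30

# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256

name_opt = ca_default
cert_opt = ca_default
# Validity in days of certificates issued without an explicit -days.
default_days = 375
# DN fields are ordered as in the policy section, not as in the request.
preserve = no
# Only commonName is mandatory in requests; see [ policy_loose ].
policy = policy_loose

# NOTE(review): `copy` adds every extension from the CSR that the selected
# extension section does not already set, and this section defines no
# default x509_extensions. Sign only with -extensions server_cert or
# -extensions client_cert (both pin basicConstraints = CA:FALSE) and
# inspect the extensions of each request before approving it.
copy_extensions = copy
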
[ policy_strict ]
# Intended for a root CA that signs only intermediates whose country,
# state and organization equal its own (POLICY FORMAT in `man ca`).
# [ CA_default ] selects policy_loose, so this section applies only when
# it is chosen explicitly, e.g. with -policy policy_strict.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_loose ]
# Default policy of this CA (policy = policy_loose in [ CA_default ]).
# A request must supply commonName; every other DN field may be absent.
# The CA does not compare any field with its own subject, so the DN of
# each request has to be vetted by the operator before signing.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Settings for the `req` tool (`man req`).
# Key size used when `req` generates a key without an explicit size.
# NOTE(review): presumably has no effect on the Falcon-512 keys named in
# [ CA_default ] - confirm.
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256
# Never prompt: subject fields are taken verbatim from the DN section.
prompt = no

# Extensions applied when `req` runs with -x509 (self-signed certificate).
x509_extensions = v3_ca

[ req_distinguished_name ]
# Subject of the request. Because [ req ] sets prompt = no, each value
# here is used literally instead of serving as a prompt or default.
commonName = JS_master_thesis
countryName = SK
stateOrProvinceName = Kosice
0.organizationName = TUKE

# Optional fields, left disabled. The values are prompt-label leftovers;
# replace them with real data before enabling a line.
#localityName                    = Locality Name
#organizationalUnitName          = Organizational Unit Name
#emailAddress                    = Email Address

[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`). Referenced by
# x509_extensions in [ req ], i.e. used for `req -x509` certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# No pathlen: the depth of the CA chain below this certificate is unlimited.
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

[ v3_intermediate_ca ]
# Extensions for a typical intermediate CA (`man x509v3_config`).
# Not referenced by any other section of this file; presumably selected
# with -extensions v3_intermediate_ca when the intermediate's request is
# signed - confirm against the signing procedure.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# pathlen:0: no further CA certificate may follow this one in a chain,
# so the intermediate can issue end-entity certificates only.
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

[ crl_ext ]
# Extensions written into CRLs (`man x509v3_config`); referenced by
# crl_extensions in [ CA_default ].
authorityKeyIdentifier = keyid:always

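[ server_cert ]
# Extensions for TLS server certificates; select with -extensions server_cert.
# Setting basicConstraints here means a basicConstraints extension in the
# CSR is not copied, even though [ CA_default ] uses copy_extensions = copy.
basicConstraints = CA:FALSE
# Netscape certificate type: a legacy extension that current software
# generally ignores in favour of extendedKeyUsage.
nsCertType = server
# Added so server certificates carry a key identifier, as [ client_cert ] does.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
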
[ client_cert ]
# Extensions for client-authentication and e-mail certificates; select
# with -extensions client_cert.
# Setting basicConstraints here means a basicConstraints extension in the
# CSR is not copied, even though [ CA_default ] uses copy_extensions = copy.
basicConstraints = CA:FALSE
# Netscape certificate type: a legacy extension that current software
# generally ignores in favour of extendedKeyUsage.
nsCertType = client, email
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection