| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
- # Based on: https://www.feistyduck.com/library/openssl-cookbook/online/openssl-command-line/private-ca-creating-root.html
- [default]
- name = root-ca
- default_ca = ca_default
- name_opt = utf8,esc_ctrl,multiline,lname,align
- [ca_dn]
- countryName = "GB"
- organizationName = "Example"
- commonName = "Root CA"
- [ca_default]
- home = ./${ENV::CA_PATH}
- database = $home/db/index
- serial = $home/db/serial
- certificate = ./${ENV::CRT_PATH}/$name.crt
- private_key = ./${ENV::KEY_PATH}/$name.key
- RANDFILE = $home/private/random
- new_certs_dir = $home/certificates
- unique_subject = no
- copy_extensions = none
- default_days = 3650
- default_md = sha256
- policy = policy_cn_supplied
- [policy_cn_supplied]
- countryName = optional
- stateOrProvinceName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
- [req]
- default_bits = 4096
- encrypt_key = yes
- default_md = sha256
- utf8 = yes
- string_mask = utf8only
- prompt = no
- distinguished_name = ca_dn
- req_extensions = ca_ext
- [ca_ext]
- basicConstraints = critical,CA:true
- keyUsage = critical,keyCertSign
- subjectKeyIdentifier = hash
- nameConstraints = @name_constraints
- [server_ext]
- authorityKeyIdentifier = keyid:always
- basicConstraints = critical,CA:false
- extendedKeyUsage = clientAuth,serverAuth
- keyUsage = critical,digitalSignature,keyEncipherment
- subjectKeyIdentifier = hash
- [client_ext]
- authorityKeyIdentifier = keyid:always
- basicConstraints = critical,CA:false
- extendedKeyUsage = clientAuth
- keyUsage = critical,digitalSignature
- subjectKeyIdentifier = hash
- [name_constraints]
- permitted;DNS.0=localhost
- permitted;IP.0=127.0.0.1/255.0.0.0
- permitted;IP.1=::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
