# Seed file for OpenSSL's random number generator; $ENV::HOME is expanded from
# the HOME environment variable when the config is parsed.
# NOTE(review): expansion fails if HOME is unset. Nothing above this line is
# visible in the listing, so confirm whether a fallback is defined there.
# The seed file should be readable only by the user who runs the CA.
2 RANDFILE = $ENV::HOME/.rnd
4 ####################################################################
# Settings consumed by `openssl ca`.
# NOTE(review): the listing numbers skip lines (4 -> 6 -> 10), so the
# [ section ] headers and the definition of $base_dir are not visible here.
# Confirm them against the full file.
# default_ca names the section that holds the CA settings below.
6 default_ca = CA_default # The default ca section
# Validity in days for issued certificates and for CRLs.
10 default_days = 1000 # How long to certify for
11 default_crl_days = 30 # How long before next CRL
# The digest is pinned to sha256 here.
# NOTE(review): the trailing comment appears to be inherited from a template
# where the value was `default`; it does not describe this setting.
12 default_md = sha256 # Use public key default MD
13 preserve = no # Keep passed DN ordering
# NOTE(review): if this key sits in the section used by `openssl ca`, any
# certificate signed without an explicit -extensions override receives the
# ca_extensions set (basicConstraints CA:true, keyCertSign further down this
# listing), i.e. it becomes a CA certificate. Consider pointing it at the
# end-entity extension set (the one with basicConstraints = CA:FALSE) and
# confirm how signing is invoked.
15 x509_extensions = ca_extensions # The extensions to add to the cert
17 email_in_dn = no # Don't concat the email in the DN
# `copy` adds every extension from the CSR that the chosen extension section
# does not already set. Those values (subjectAltName, extendedKeyUsage, ...)
# are chosen by the requester, so inspect each CSR before signing it and make
# sure the extension section fixes basicConstraints and keyUsage.
18 copy_extensions = copy # Required to copy SANs from CSR to cert
# CA certificate and CA private key. The key is in the same $base_dir that
# receives newly issued certificates (new_certs_dir below), so restrict
# permissions on cakey.pem. A separate, access-controlled directory for the
# key is preferable.
20 certificate = $base_dir/cacert.pem # The CA certifcate
21 private_key = $base_dir/cakey.pem # The CA private key
22 new_certs_dir = $base_dir # Location for new certs after signing
# Issuance state: the index of issued certificates and the next serial number.
# Keep both files under the same access control as the CA itself.
23 database = $base_dir/index.txt # Database index file
24 serial = $base_dir/serial.txt # The current serial number
# `no` allows several valid certificates with the same subject at once. This
# helps with renewal overlap but removes the duplicate-subject check.
26 unique_subject = no # Set to 'no' to allow creation of
27 # several certificates with same subject.
29 ####################################################################
# Settings consumed by `openssl req` when creating the CA key and certificate.
# NOTE(review): no [ section ] header is visible above these keys (the listing
# jumps from 29 to 33). They read like a req section; confirm against the
# full file.
# File the newly generated private key is written to. This is the CA signing
# key, so it needs restrictive permissions.
33 default_keyfile = cakey.pem
# Section that supplies the subject DN fields.
34 distinguished_name = ca_distinguished_name
# Extensions added when `openssl req -x509` produces a self-signed
# certificate; the CA extension set is the appropriate choice here.
35 x509_extensions = ca_extensions
# Encode DN string fields as UTF8String only.
36 string_mask = utf8only
38 ####################################################################
# Subject DN fields for the CA certificate; referenced by the
# `distinguished_name` key earlier in this file.
# NOTE(review): in req's default prompting mode the right-hand sides are
# prompt strings, and they are used as the actual DN values only when
# `prompt = no` is set. No prompt key is visible in this listing, and the
# numbering skips lines (39 -> 41 -> 43), so confirm which mode applies.
39 [ ca_distinguished_name ]
41 organizationName = Nokia OY
# Disabled sample entries.
43 # commonName_default = Test Server
44 # emailAddress = test@server.com
45 stateOrProvinceName = Uusimaa
48 ####################################################################
# X.509v3 extensions for the CA certificate itself.
# NOTE(review): the section header is not visible (the listing jumps from 48
# to 51). This is presumably the ca_extensions section named by the
# x509_extensions keys; confirm.
51 subjectKeyIdentifier = hash
# keyid:always makes signing fail if the issuer key identifier cannot be
# included.
52 authorityKeyIdentifier = keyid:always, issuer
# Marks the certificate as a CA, as a critical extension.
# NOTE(review): no pathlen is set, so chains of subordinate CAs beneath this
# one are not depth-limited. Add `pathlen:0` if this CA only ever signs
# end-entity certificates.
53 basicConstraints = critical, CA:true
# Restricts the key to signing certificates and CRLs.
# NOTE(review): keyUsage is not marked critical here. RFC 5280 recommends
# that CAs mark it critical.
54 keyUsage = keyCertSign, cRLSign
56 ####################################################################
# DN policy applied by `openssl ca` to incoming requests. `optional` means the
# field may be present or absent and is not compared with the CA's own DN.
# NOTE(review): the section header and line 63 are not visible (the listing
# jumps 56 -> 58 and 62 -> 64); line 63 is presumably the commonName rule.
# With every visible field optional, this policy does not restrict which
# organisation or country a requester may claim, so review subjects manually
# before signing.
58 countryName = optional
59 stateOrProvinceName = optional
60 localityName = optional
61 organizationName = optional
62 organizationalUnitName = optional
64 emailAddress = optional
66 ####################################################################
# X.509v3 extensions for end-entity certificates signed by this CA.
# NOTE(review): the section header is not visible (the listing jumps from 66
# to 68). Confirm the section name and that signing selects it, for example
# via -extensions.
68 subjectKeyIdentifier = hash
69 authorityKeyIdentifier = keyid,issuer
# Issued certificates are not CAs. Because the value is set here, the
# `copy_extensions = copy` setting earlier in this file cannot replace it
# with a value from the CSR.
# NOTE(review): consider `critical, CA:FALSE`.
70 basicConstraints = CA:FALSE
# Key usages for a typical TLS server key.
# NOTE(review): no extendedKeyUsage is set, so with copy_extensions = copy a
# CSR may supply its own. Pin extendedKeyUsage here if issued certificates
# should be limited to one purpose.
71 keyUsage = digitalSignature, keyEncipherment