2 RANDFILE = $ENV::HOME/.rnd
4 ####################################################################
6 default_ca = CA_default # The default ca section
11 default_days = 1000 # How long to certify for
12 default_crl_days = 30 # How long before next CRL
13 default_md = sha256 # Use public key default MD
14 preserve = no # Keep passed DN ordering
16 x509_extensions = ca_extensions # The extensions to add to the cert
18 email_in_dn = no # Don't concat the email in the DN
19 copy_extensions = copy # Required to copy SANs from CSR to cert
21 ####################################################################
25 default_keyfile = cakey.pem
26 distinguished_name = ca_distinguished_name
27 x509_extensions = ca_extensions
28 string_mask = utf8only
30 ####################################################################
31 [ ca_distinguished_name ]
33 organizationName = Nokia OY
35 # commonName_default = Test Server
36 # emailAddress = test@server.com
37 stateOrProvinceName = Uusimaa
40 ####################################################################
43 subjectKeyIdentifier = hash
44 authorityKeyIdentifier = keyid:always, issuer
45 basicConstraints = critical, CA:true
46 keyUsage = keyCertSign, cRLSign