2 RANDFILE = $ENV::HOME/.rnd
4 ####################################################################
8 default_keyfile = serverkey.pem
9 distinguished_name = server_distinguished_name
10 req_extensions = server_req_extensions
11 string_mask = utf8only
14 default_ca = CA_default # The default ca section
18 default_days = 1000 # How long to certify for
19 default_crl_days = 30 # How long before next CRL
20 default_md = sha256 # Use public key default MD
21 preserve = no # Keep passed DN ordering
23 x509_extensions = ca_extensions # The extensions to add to the cert
25 email_in_dn = no # Don't concat the email in the DN
26 copy_extensions = copy # Required to copy SANs from CSR to cert
28 certificate = $base_dir/servercert.pem # The CA certifcate
29 private_key = $base_dir/serverkey.pem # The CA private key
30 new_certs_dir = $base_dir # Location for new certs after signing
31 database = $base_dir/index-ri.txt # Database index file
32 serial = $base_dir/serial-ri.txt # The current serial number
34 unique_subject = no # Set to 'no' to allow creation of
35 # several certificates with same subject.
36 ####################################################################
38 countryName = optional
39 stateOrProvinceName = optional
40 localityName = optional
41 organizationName = optional
42 organizationalUnitName = optional
44 emailAddress = optional
46 ####################################################################
48 subjectKeyIdentifier = hash
49 authorityKeyIdentifier = keyid,issuer
50 # authorityKeyIdentifier = issuer
51 basicConstraints = CA:FALSE
52 keyUsage = digitalSignature, keyEncipherment
54 ####################################################################
55 [ server_distinguished_name ]
57 organizationName = Nokia NET
58 commonName = Test Server
59 # emailAddress = test@server.com
60 stateOrProvinceName = Uusimaa
63 ####################################################################
64 [ server_req_extensions ]
66 subjectKeyIdentifier = hash
67 basicConstraints = CA:FALSE
68 keyUsage = digitalSignature, keyEncipherment
69 subjectAltName = @alternate_names
70 nsComment = "OpenSSL Generated Certificate"
72 ####################################################################