| blob | 43bcf739bbbd4545a0519c8b9ad2c009e8dcc360 |
1 # This file contains the configuration for all the CAs.
3 # Root CA, used to sign the certificates of the intermediary server and
4 # client CAs.
5 [ root_ca ]
6 dir = ./ssl/
7 database = ./ssl/root_ca-certindex
8 serial = ./ssl/root_ca.srl
9 default_md = sha256
10 default_days= 10000
11 default_crl_days= 10000
12 certificate = ./ssl/root_ca.crt
13 private_key = ./ssl/root_ca.key
14 new_certs_dir = ./ssl/new_certs_dir
15 policy = policy_match
16 email_in_dn = no
17 copy_extensions = copy
19 # CA used to sign all the server certificates.
20 [ server_ca ]
21 dir = ./ssl/
22 database = ./ssl/server_ca-certindex
23 default_md = sha256
24 default_days= 10000
25 default_crl_days= 10000
26 certificate = ./ssl/server_ca.crt
27 private_key = ./ssl/server_ca.key
28 new_certs_dir = ./ssl/new_certs_dir
29 serial = ./ssl/server_ca.srl
30 policy = policy_match
31 email_in_dn = no
32 copy_extensions = copy
33 unique_subject = no
34 crl = ./ssl/server.crl
36 # CA used to sign all the client certificates.
37 [ client_ca ]
38 dir = ./ssl/
39 database = ./ssl/client_ca-certindex
40 default_md = sha256
41 # Startdate and enddate are required for testing notBefore/notAfter with
42 # stable timestamps.
43 default_startdate = 20230629010101Z
44 default_enddate = 20500101010101Z
45 default_crl_days= 10000
46 certificate = ./ssl/client_ca.crt
47 private_key = ./ssl/client_ca.key
48 new_certs_dir = ./ssl/new_certs_dir
49 serial = ./ssl/client_ca.srl
50 policy = policy_match
51 email_in_dn = no
52 copy_extensions = copy
53 unique_subject = no
54 crl = ./ssl/client.crl
56 # This is common for all CAs.
57 [ policy_match ]
58 countryName = optional
59 stateOrProvinceName = optional
60 organizationName = optional
61 organizationalUnitName = optional
62 commonName = optional
63 emailAddress = optional