1: #
    2: # SSLeay example configuration file.
    3: # This is mostly being used for generation of certificate requests.
    4: #
    5: 
    6: RANDFILE                = ./.rnd
    7: 
    8: ####################################################################
    9: [ req ]
   10: default_bits            = 512
   11: default_keyfile         = keySS.pem
   12: distinguished_name      = req_distinguished_name
   13: encrypt_rsa_key         = no
   14: default_md              = sha1
   15: 
   16: [ req_distinguished_name ]
   17: countryName                     = Country Name (2 letter code)
   18: countryName_default             = AU
   19: countryName_value               = AU
   20: 
   21: organizationName                = Organization Name (eg, company)
   22: organizationName_value          = Dodgy Brothers
   23: 
   24: commonName                      = Common Name (eg, YOUR name)
   25: commonName_value                = Dodgy CA
   26: 
   27: ####################################################################
   28: [ ca ]
   29: default_ca      = CA_default         # The default ca section
   30: 
   31: ####################################################################
   32: [ CA_default ]
   33: 
   34: dir             = ./demoCA         # Where everything is kept
   35: certs           = $dir/certs             # Where the issued certs are kept
   36: crl_dir         = $dir/crl             # Where the issued crl are kept
   37: database        = $dir/index.txt       # database index file.
   38: #unique_subject = no                    # Set to 'no' to allow creation of
   39:                                         # several ctificates with same subject.
   40: new_certs_dir   = $dir/newcerts           # default place for new certs.
   41: 
   42: certificate     = $dir/cacert.pem   # The CA certificate
   43: serial          = $dir/serial           # The current serial number
   44: crl             = $dir/crl.pem             # The current CRL
   45: private_key     = $dir/private/cakey.pem# The private key
   46: RANDFILE        = $dir/private/.rand   # private random number file
   47: 
   48: x509_extensions = v3_ca                 # The extentions to add to the cert
   49: 
   50: name_opt        = ca_default          # Subject Name options
   51: cert_opt        = ca_default          # Certificate field options
   52: 
   53: default_days    = 365                      # how long to certify for
   54: default_crl_days= 30                    # how long before next CRL
   55: default_md      = md5                        # which md to use.
   56: preserve        = no                   # keep passed DN ordering
   57: 
   58: policy          = policy_anything
   59: 
   60: [ policy_anything ]
   61: countryName             = optional
   62: stateOrProvinceName     = optional
   63: localityName            = optional
   64: organizationName        = optional
   65: organizationalUnitName  = optional
   66: commonName              = supplied
   67: emailAddress            = optional
   68: 
   69: 
   70: 
   71: [ v3_ca ]
   72: subjectKeyIdentifier=hash
   73: authorityKeyIdentifier=keyid:always,issuer:always
   74: basicConstraints = CA:true,pathlen:1
   75: keyUsage = cRLSign, keyCertSign
   76: issuerAltName=issuer:copy