1: #
    2: # SSLeay example configuration file.
    3: # This is mostly being used for generation of certificate requests.
    4: #
    5: 
    6: RANDFILE                = ./.rnd
    7: 
    8: ####################################################################
    9: [ ca ]
   10: default_ca      = CA_default         # The default ca section
   11: 
   12: ####################################################################
   13: [ CA_default ]
   14: 
   15: dir             = ./demoCA         # Where everything is kept
   16: certs           = $dir/certs             # Where the issued certs are kept
   17: crl_dir         = $dir/crl             # Where the issued crl are kept
   18: database        = $dir/index.txt       # database index file.
   19: new_certs_dir   = $dir/new_certs  # default place for new certs.
   20: 
   21: certificate     = $dir/CAcert.pem   # The CA certificate
   22: serial          = $dir/serial           # The current serial number
   23: crl             = $dir/crl.pem             # The current CRL
   24: private_key     = $dir/private/CAkey.pem# The private key
   25: RANDFILE        = $dir/private/.rand   # private random number file
   26: 
   27: default_days    = 365                      # how long to certify for
   28: default_crl_days= 30                    # how long before next CRL
   29: default_md      = md5                        # which md to use.
   30: 
   31: # A few difference way of specifying how similar the request should look
   32: # For type CA, the listed attributes must be the same, and the optional
   33: # and supplied fields are just that :-)
   34: policy          = policy_match
   35: 
   36: # For the CA policy
   37: [ policy_match ]
   38: countryName             = match
   39: stateOrProvinceName     = match
   40: organizationName        = match
   41: organizationalUnitName  = optional
   42: commonName              = supplied
   43: emailAddress            = optional
   44: 
   45: # For the 'anything' policy
   46: # At this point in time, you must list all acceptable 'object'
   47: # types.
   48: [ policy_anything ]
   49: countryName             = optional
   50: stateOrProvinceName     = optional
   51: localityName            = optional
   52: organizationName        = optional
   53: organizationalUnitName  = optional
   54: commonName              = supplied
   55: emailAddress            = optional
   56: 
   57: ####################################################################
   58: [ req ]
   59: default_bits            = 512
   60: default_keyfile         = testkey.pem
   61: distinguished_name      = req_distinguished_name
   62: encrypt_rsa_key         = no
   63: 
   64: [ req_distinguished_name ]
   65: countryName                     = Country Name (2 letter code)
   66: countryName_default             = AU
   67: countryName_value               = AU
   68: 
   69: stateOrProvinceName             = State or Province Name (full name)
   70: stateOrProvinceName_default     = Queensland
   71: stateOrProvinceName_value       =
   72: 
   73: localityName                    = Locality Name (eg, city)
   74: localityName_value              = Brisbane
   75: 
   76: organizationName                = Organization Name (eg, company)
   77: organizationName_default        = 
   78: organizationName_value          = CryptSoft Pty Ltd
   79: 
   80: organizationalUnitName          = Organizational Unit Name (eg, section)
   81: organizationalUnitName_default  =
   82: organizationalUnitName_value    = .
   83: 
   84: commonName                      = Common Name (eg, YOUR name)
   85: commonName_value                = Eric Young
   86: 
   87: emailAddress                    = Email Address
   88: emailAddress_value              = eay@mincom.oz.au