1 # OpenSSL configuration file for Suite B
4 RANDFILE = $ENV::HOME/.rnd
10 default_ca = CA_default
17 database = $dir/index.txt
19 new_certs_dir = $dir/newcerts
20 certificate = $dir/cacert.pem
22 crlnumber = $dir/crlnumber
24 private_key = $dir/private/cakey.pem
25 RANDFILE = $dir/private/.rand
27 x509_extensions = ext_client
32 copy_extensions = copy
43 stateOrProvinceName = optional
44 organizationName = match
45 organizationalUnitName = optional
47 #emailAddress = optional
50 countryName = optional
51 stateOrProvinceName = optional
52 localityName = optional
53 organizationName = optional
54 organizationalUnitName = optional
56 #emailAddress = optional
59 distinguished_name = req_distinguished_name
60 attributes = req_attributes
61 x509_extensions = v3_ca
63 string_mask = utf8only
65 [ req_distinguished_name ]
66 countryName = Country Name (2 letter code)
67 countryName_default = FI
71 localityName = Locality Name (eg, city)
72 localityName_default = Helsinki
74 0.organizationName = Organization Name (eg, company)
75 0.organizationName_default = w1.fi
77 commonName = Common Name (e.g. server FQDN or YOUR name)
85 subjectKeyIdentifier=hash
86 authorityKeyIdentifier=keyid:always,issuer
87 basicConstraints = critical, CA:true, pathlen:0
88 keyUsage = critical, cRLSign, keyCertSign
92 # issuerAltName=issuer:copy
93 authorityKeyIdentifier=keyid:always
97 basicConstraints=CA:FALSE
98 subjectKeyIdentifier=hash
99 authorityKeyIdentifier=keyid,issuer
101 extendedKeyUsage = clientAuth
102 keyUsage = digitalSignature, keyEncipherment
106 basicConstraints=critical, CA:FALSE
107 subjectKeyIdentifier=hash
108 authorityKeyIdentifier=keyid,issuer
110 extendedKeyUsage = critical, serverAuth
111 keyUsage = digitalSignature, keyEncipherment