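# OpenSSL configuration holding three groups of sections:
#   [ req ]     - request settings for a subject named "Dodgy CA"
#   [ userreq ] - request settings for a user subject with two commonNames
#   [ ca ]      - an `openssl ca` profile rooted at ./demoCA
# NOTE(review): the "Dodgy Brothers" names suggest a test fixture. Confirm that
# the settings flagged below (SHA-1 digests, unencrypted private keys, CA
# extensions applied by default, permissive policy) are deliberate before
# reusing this file anywhere certificates are meant to be trusted.

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

# Default-section value for CN2. [ user_dn ] reads it through $ENV::CN2;
# presumably this definition is the fallback when the CN2 environment variable
# is not set - confirm against the OpenSSL config(5) lookup rules.
CN2 = Brother 2

####################################################################
[ req ]
distinguished_name = req_distinguished_name
# The generated private key is written without passphrase protection, so the
# key file's permissions are its only protection.
encrypt_rsa_key = no
# NOTE(review): SHA-1 is no longer collision-resistant and current verifiers
# may reject SHA-1-signed certificates. [ userreq ] already uses sha256.
default_md = sha1

# No "prompt = no" in [ req ], so each plain field below is prompt text.
# The <field>_value entries presumably supply the value so nothing is asked
# interactively - confirm against the OpenSSL version in use.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = AU
organizationName = Organization Name (eg, company)
organizationName_value = Dodgy Brothers
commonName = Common Name (eg, YOUR name)
commonName_value = Dodgy CA

####################################################################
# Alternative request section; it is not named "req", so the caller has to
# select it explicitly.
[ userreq ]
distinguished_name = user_dn
# Private key written without passphrase protection (see [ req ]).
encrypt_rsa_key = no
default_md = sha256
# Take the subject fields from [ user_dn ] verbatim instead of prompting.
prompt = no

[ user_dn ]
countryName = AU
organizationName = Dodgy Brothers
# The numeric prefixes let the same field appear twice in one subject.
0.commonName = Brother 1
1.commonName = $ENV::CN2

# End-entity extension sets. All three set CA:false; they differ in keyUsage
# and in how authorityKeyIdentifier is built. basicConstraints and keyUsage are
# not marked critical here.
[ v3_ee ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Signature-only variant (no keyEncipherment); the name indicates DSA keys.
[ v3_ee_dsa ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature

# Variant with keyAgreement instead of keyEncipherment; the name indicates EC keys.
[ v3_ee_ec ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyAgreement

####################################################################
[ ca ]
default_ca = CA_default

[ CA_default ]
# Relative path: the CA state is resolved from the caller's working directory.
dir = ./demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
# CA signing key. Restrict read access to this file: anyone who can read it
# can issue certificates under this CA.
private_key = $dir/private/cakey.pem
# NOTE(review): the default extension set is v3_ca (CA:true, pathlen:1), so a
# certificate issued without an explicit extension section is itself a CA
# certificate. Select v3_ee / v3_ee_dsa / v3_ee_ec when issuing end-entity
# certificates.
x509_extensions = v3_ca
name_opt = ca_default
cert_opt = ca_default
# Certificate validity in days.
default_days = 365
# Days until the next CRL is due.
default_crl_days = 30
# NOTE(review): SHA-1 signature digest for issued certificates and CRLs; see
# the note on default_md in [ req ].
default_md = sha1
preserve = no
# NOTE(review): policy_anything only requires a commonName, so this CA places
# no constraint on the rest of the requested subject.
policy = policy_anything

# "supplied" = must be present in the request; "optional" = may be present.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# CA certificate extensions. basicConstraints is critical and pathlen:1 allows
# at most one further CA level below this one. keyUsage is limited to
# certificate and CRL signing but is not marked critical.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true,pathlen:1
keyUsage = cRLSign, keyCertSign
issuerAltName = issuer:copy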