ca.cnf revision 1.1
      1 #
      2 # OpenSSL example configuration file for automated certificate creation.
      3 #
      4 
      5 # Fallback definitions: the $ENV::HOME and $ENV::CN expansions below would
      6 # otherwise fail when HOME or CN is missing from the environment.
        # They must stay above the first line that expands them.
      7 HOME			= .
        # Random-state file path built from HOME ("./.rnd" when HOME is unset).
      8 RANDFILE		= $ENV::HOME/.rnd
        # Placeholder subject CN, used only when the calling script exports no CN.
        # A certificate issued with this value has a meaningless subject name.
      9 CN			= "Not Defined"
        # NOTE(review): names the section 'ca' as the default CA section, but no
        # [ ca ] section is visible in this listing; confirm how the signing step
        # gets its CA settings (command line or another file).
     10 default_ca		= ca
     11 
     12 ####################################################################
     13 [ req ]
        # Defaults for 'openssl req': key generation, subject name source and the
        # extension section applied to self-signed certificates.
        # Size in bits of newly generated keys.
     14 default_bits		= 2048
        # NOTE(review): no default_md is set in this section, so the signature
        # digest comes from the command line or the OpenSSL build default; pin it
        # (for example default_md = sha256) if the output must not depend on that.
        # File the generated private key is written to. NOTE(review): whether it is
        # encrypted is decided by the invoking command, not by this file - confirm.
     15 default_keyfile 	= privkey.pem
     16 # Don't prompt for fields: use those in section directly
     17 prompt			= no
        # Section that supplies the subject name fields.
     18 distinguished_name	= req_distinguished_name
     19 x509_extensions	= v3_ca	# The extensions to add to the self signed cert
        # Encode subject strings as UTF8String only.
     20 string_mask = utf8only
     21 
        # Left disabled; no [ v3_req ] section is visible in this listing, so
        # enabling it as written would need that section to be added first.
     22 # req_extensions = v3_req # The extensions to add to a certificate request
     23 
     24 [ req_distinguished_name ]
        # Subject name fields. Because [ req ] sets prompt = no, each value below is
        # placed in the request exactly as written, with no interactive override.
        # NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB,
        # not UK; confirm nothing compares against the existing subject before
        # changing it.
     25 countryName			= UK
     26 
     27 organizationName		= OpenSSL Group
     28 # Take CN from environment so it can come from a script.
        # The value is used as supplied: whatever sets CN decides the identity in
        # the certificate, and the "Not Defined" fallback applies when it is unset.
     29 commonName			= $ENV::CN
     30 
     31 [ usr_cert ]
     32 
     33 # These extensions are added when 'ca' signs a request for an end entity
     34 # certificate
     35 
        # Critical CA:FALSE marks the certificate as an end entity so that
        # path validation rejects it as an issuer of further certificates.
     36 basicConstraints=critical, CA:FALSE
        # Permits signing (nonRepudiation, digitalSignature) and key transport
        # (keyEncipherment); certificate and CRL signing are not granted.
        # NOTE(review): no extendedKeyUsage or subjectAltName is set here; if these
        # are used as S/MIME certificates, verifiers that expect emailProtection or
        # an rfc822Name would need them added - confirm against the consumers.
     37 keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
     38 
     39 # PKIX recommendations harmless if included in all certificates.
        # Key identifier derived from a hash of this certificate's public key.
     40 subjectKeyIdentifier=hash
        # Copies the issuer's key identifier; without ':always' the extension is
        # skipped rather than failing when the issuer has none.
     41 authorityKeyIdentifier=keyid
     42 
     43 [ dh_cert ]
     44 
     45 # These extensions are added when 'ca' signs a request for an end entity
     46 # DH certificate
     47 
        # Critical CA:FALSE: an end-entity certificate that cannot act as an issuer.
     48 basicConstraints=critical, CA:FALSE
        # Only keyAgreement is granted, so the key is not authorised for
        # signatures or key transport.
     49 keyUsage=critical, keyAgreement
     50 
     51 # PKIX recommendations harmless if included in all certificates.
        # Key identifier derived from a hash of this certificate's public key.
     52 subjectKeyIdentifier=hash
        # Copies the issuer's key identifier; without ':always' the extension is
        # skipped rather than failing when the issuer has none.
     53 authorityKeyIdentifier=keyid
     54 
     55 [ v3_ca ]
     56 
     57 
     58 # Extensions for a typical CA
        # Applied to self-signed certificates through x509_extensions in [ req ].
     59 
     60 # PKIX recommendation.
     61 
        # Listed before authorityKeyIdentifier so that a self-signed certificate
        # has a subject key identifier to copy.
     62 subjectKeyIdentifier=hash
        # ':always' makes issuance fail if the key identifier cannot be obtained.
     63 authorityKeyIdentifier=keyid:always
        # NOTE(review): CA:true carries no pathlen, so the depth of subordinate CAs
        # below this certificate is unconstrained; add pathlen:0 if it is meant to
        # sign end-entity certificates only - confirm the intended hierarchy.
     64 basicConstraints = critical,CA:true
        # Restricts the key to signing certificates and CRLs.
     65 keyUsage = critical, cRLSign, keyCertSign
     66 
     67