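# See ../../doth/CA/ca.cfg for more information
#
# OpenSSL configuration for the `ca` and `req` tools of this CA directory.
# NOTE(review): a 1-day certificate lifetime, a 10950-day CRL lifetime and
# key files written without a passphrase look like test-fixture settings;
# confirm before reusing this file for a CA that anything else has to trust.

# certificate authority configuration
[ca]
default_ca = CA_default  # The default ca section

[CA_default]
# All paths below resolve against the directory openssl is run from.
dir = .
new_certs_dir = $dir/newcerts  # new certs dir (must be created)
certificate = $dir/CA.pem  # The CA cert
# Whoever can read this key can issue certificates under this CA; keep the
# file readable by the CA operator only.
private_key = $dir/private/CA.key  # CA private key

serial = $dir/serial  # serial number file for the next certificate
# Update before issuing it (writes 8 random bytes as upper-case hex):
#   xxd -l 8 -u -ps /dev/urandom > ./serial
database = $dir/index.txt  # (must be created manually: touch ./index.txt)

default_days = 1  # how long to certify for

#default_crl_days = 30     # the number of days before the
default_crl_days = 10950   # next CRL is due. That is the
                           # days from now to place in the
                           # CRL nextUpdate field. If CRL
                           # is expired, certificate
                           # verifications will fail even
                           # for otherwise valid
                           # certificates. Clients might
                           # cache the CRL, so the expiry
                           # period should normally be
                           # relatively short (default:
                           # 30) for production CAs.
# 10950 days is roughly 30 years: a client that caches a CRL issued with this
# value has no reason to fetch a newer one, so a later revocation may never
# reach it. Do not carry this value over to a CA whose revocations matter.

default_md = sha256  # digest to use

policy = policy_default  # default policy
email_in_dn = no  # Don't add the email into cert DN

name_opt = ca_default  # Subject name display option
cert_opt = ca_default  # Certificate display option

# We need the following in order to copy Subject Alt Name(s) from a
# request to the certificate.
# Caveat: `copy` takes every extension in the request that the certificate
# does not already have, not only subjectAltName, and this section names no
# x509_extensions section to pin values first. A request that carries
# basicConstraints = CA:TRUE would therefore be signed as a CA certificate.
# Inspect each request before signing, or set basicConstraints = CA:FALSE in
# an extensions section applied at signing time so the requested value is
# not copied.
copy_extensions = copy  # copy extensions from request

# Subject fields accepted from a request: commonName must be present, the
# others may be omitted. Fields not listed here (localityName and
# organizationName, for example) are dropped from the issued certificate
# unless `openssl ca` is run with -preserveDN.
[policy_default]
countryName = optional
stateOrProvinceName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# default certificate requests settings
[req]
# Options for the `req` tool (`man req`).
default_bits = 3072  # for RSA only
distinguished_name = req_default
string_mask = utf8only
# SHA-1 is deprecated, so use SHA-256 instead.
default_md = sha256
# do not encrypt the private key file
# Keys generated by `req` are therefore written without a passphrase; file
# permissions are the only protection they have.
encrypt_key = no

[req_default]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
# Prompts shown by `openssl req` for each subject field.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (e.g., city)
0.organizationName = Organization Name (e.g., company)
organizationalUnitName = Organizational Unit Name (e.g. department)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address
# defaults
countryName_default = UA
stateOrProvinceName_default = Kharkiv Oblast
localityName_default = Kharkiv
0.organizationName_default = ISC
# NOTE(review): "Engeneering" is misspelled, but the value ends up in the
# subject of every request that accepts the default, so it is left as is.
organizationalUnitName_default = Software Engeneering (BIND 9)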