blob: a028c73fc2d61ec65bcc99546b3edfabcbb4df34 [file] [log] [blame]
ID=1
CA_DIR=out
[ca]
default_ca = ca_settings
preserve = yes
[ca_settings]
dir = ${ENV::CA_DIR}
database = $dir/${ENV::ID}-index.txt
new_certs_dir = $dir
serial = $dir/${ENV::ID}-serial
certificate = $dir/${ENV::ID}.pem
private_key = $dir/${ENV::ID}.key
RANDFILE = $dir/rand
default_md = sha256
default_days = 3650
policy = policy_anything
unique_subject = no
copy_extensions = copy
[policy_anything]
# Default signing policy
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[req]
default_bits = 2048
default_md = sha256
string_mask = utf8only
prompt = no
encrypt_key = no
distinguished_name = req_env_dn
[user_cert]
# Extensions to add when signing a request for an EE cert
basicConstraints = critical, CA:false
extendedKeyUsage = serverAuth,clientAuth
[san_user_cert]
subjectAltName = email:santest@example.com,otherName:msUPN;UTF8:santest@ad.corp.example.com
[ca_cert]
# Extensions to add when signing a request for an intermediate/CA cert
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
[req_env_dn]
CN = ${ENV::COMMON_NAME}