blob: ea2b662912937c76c3cab56614a39a9a3df7826e [file] [log] [blame]
CA_DIR=out
CA_NAME=aia-test-root
AIA_URL=http://aia-test.invalid
HOST_NAME=aia-host.invalid
[ca]
default_ca = CA_root
preserve = yes
[CA_root]
dir = ${ENV::CA_DIR}
key_size = 2048
algo = sha256
database = $dir/${ENV::CA_NAME}-index.txt
new_certs_dir = $dir
serial = $dir/${ENV::CA_NAME}-serial
certificate = $dir/${ENV::CA_NAME}.pem
private_key = $dir/${ENV::CA_NAME}.key
RANDFILE = $dir/.rand
default_days = 3650
default_crl_days = 30
default_md = sha256
policy = policy_anything
unique_subject = no
copy_extensions = copy
[user_cert]
basicConstraints = critical, CA:false
extendedKeyUsage = serverAuth, clientAuth
authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL}
subjectAltName = DNS:${ENV::HOST_NAME}
[ca_cert]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
[policy_anything]
# Default signing policy
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[req]
default_bits = 2048
default_md = sha256
string_mask = utf8only
prompt = no
encrypt_key = no
distinguished_name = req_env_dn
[req_env_dn]
CN = ${ENV::CA_COMMON_NAME}