2 # aleksey-xkms-01 OpenSSL configuration file.
4 # Environment variables:
5 # CA_TOP - the CA folder (./demoCA)
6 # CERT_NAME - the currently generated certificate name ("")
8 # This definition stops the following lines choking if HOME isn't
# NOTE(review): the sentence above is cut off in this copy, and the definition
# it refers to is not among the visible lines.
# RANDFILE is resolved from the HOME environment variable through $ENV::HOME.
# NOTE(review): presumably this needs HOME to be set (or defined in the file)
# when the config is loaded -- confirm for CI and container runs.
11 RANDFILE = $ENV::HOME/.rnd
# CA settings. default_ca names the section that holds them, and the lines
# after it read like that section's body.
# NOTE(review): no [ ... ] section header is visible in this copy -- confirm
# the headers against the real file.
14 default_ca = CA_default # The default ca section
# Root of the CA working tree, taken from the CA_TOP environment variable.
17 dir = $ENV::CA_TOP # Where everything is kept
18 certs = $dir/certs # Where the issued certs are kept
19 crl_dir = $dir/crl # Where the issued crl are kept
20 database = $dir/index.txt # database index file.
21 new_certs_dir = $dir/newcerts # default place for new certs.
# The CA certificate and its signing key are bare file names, not paths under
# $dir like the entries above.
# NOTE(review): key1.pem is the CA signing key; keep it readable only by the
# account that runs the CA and do not reuse it outside test fixtures.
23 certificate = cert1.pem # The CA certificate
24 private_key = key1.pem # The private key
25 serial = $dir/serial # The current serial number
26 crl = $dir/crl.pem # The current CRL
27 RANDFILE = $dir/private/.rand # private random number file
# Names the extension section applied to issued certificates.
29 x509_extensions = usr_cert # The extensions to add to the cert
31 # Comment out the following two lines for the "traditional"
32 # (and highly broken) format.
33 name_opt = ca_default # Subject Name options
34 cert_opt = ca_default # Certificate field options
# 3650 days is roughly ten years of validity for each issued certificate.
# NOTE(review): that is long for end-entity certificates; reasonable for static
# test fixtures, worth shortening anywhere the certificates are relied on.
36 default_days = 3650 # how long to certify for
37 default_crl_days = 30 # how long before next CRL
# NOTE(review): SHA-1 is no longer considered collision resistant and many
# current verifiers reject certificates signed with it. Prefer sha256 unless
# these fixtures must stay SHA-1 for compatibility tests.
38 default_md = sha1 # which md to use.
39 preserve = no # keep passed DN ordering
# Subject-name policy. "match" requires the request's field to equal the same
# field in the CA certificate; "optional" allows the field to be absent.
# NOTE(review): the section header and some fields (see the gaps in the
# embedded numbering) are not visible in this copy.
45 stateOrProvinceName = match
46 organizationName = match
47 organizationalUnitName = optional
49 emailAddress = optional
# Subject-name policy in which every visible field is "optional", so the CA
# places no constraint on these parts of a requested subject name.
# NOTE(review): a policy this permissive lets the requester choose the subject
# freely, which suits a test CA only. The section header is not visible in this
# copy, and neither is the `policy = ...` line that selects which policy applies.
52 countryName = optional
53 stateOrProvinceName = optional
54 localityName = optional
55 organizationName = optional
56 organizationalUnitName = optional
58 emailAddress = optional
60 ####################################################################
# Defaults for certificate requests.
# NOTE(review): the section header is not visible in this copy.
# File that a newly generated private key is written to.
63 default_keyfile = privkey.pem
# Section holding the subject-name prompts and their defaults.
64 distinguished_name = req_distinguished_name
# NOTE(review): the req_attributes section named here is not visible in this copy.
65 attributes = req_attributes
# Extension section used when a self-signed certificate is produced from a request.
66 x509_extensions = v3_ca
# NOTE(review): the pass phrase for reading and writing private keys is stored
# here in clear text, so anyone who can read this file can decrypt keys protected
# with it. That is acceptable only for throwaway test keys. Otherwise remove
# both lines and supply the pass phrase at run time (-passin / -passout with an
# env: or file: source).
67 input_password = secret
68 output_password = secret
# Prompts and defaults for the subject name of a certificate request.
# Each field has a prompt line (the text shown to the operator) and a
# matching <field>_default line (the value used when nothing is entered).
71 [ req_distinguished_name ]
72 countryName = Country Name (2 letter code)
73 countryName_default = US
74 stateOrProvinceName = State or Province Name (full name)
75 stateOrProvinceName_default = California
76 localityName = Locality Name (eg, city)
77 localityName_default = Sunnyvale
# The "0." prefix is the OpenSSL convention that lets one field name appear
# more than once in a section.
78 0.organizationName = Organization Name (eg, company)
79 0.organizationName_default = XML Security Library
80 organizationalUnitName = Organizational Unit Name (eg, section)
# The OU default comes from the CERT_NAME environment variable, so each
# generated certificate carries its own name in the subject.
81 organizationalUnitName_default = $ENV::CERT_NAME
# The apostrophe is backslash-escaped so it is not read as an opening quote.
82 commonName = Common Name (eg, your name or your server\'s hostname)
# NOTE(review): the default common name is a URL, not a host name; a verifier
# that matches the CN against a host name will not accept it -- confirm this
# is intended for these fixtures.
83 commonName_default = http://www.aleksey.com/xmlsec
84 emailAddress = Email Address
85 emailAddress_default = xmlsec@aleksey.com
# Extensions for an end-entity certificate.
# NOTE(review): the section header is not visible in this copy; presumably this
# is the usr_cert section named by `x509_extensions = usr_cert` -- confirm.
# CA:FALSE marks the certificate as not usable for signing other certificates.
# NOTE(review): the extension is not marked critical here.
90 basicConstraints = CA:FALSE
# Key uses permitted for the certified key.
91 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Netscape comment extension, filled from the CERT_NAME environment variable.
92 nsComment = $ENV::CERT_NAME
# Extensions for a CA certificate.
# NOTE(review): the section header is not visible in this copy; presumably this
# is the v3_ca section named by `x509_extensions = v3_ca` -- confirm.
# NOTE(review): CA:TRUE is set without `critical`, without a pathlen limit, and
# no keyUsage line is visible. For anything beyond test material, prefer
# `basicConstraints = critical,CA:TRUE` and a keyUsage limited to
# `keyCertSign, cRLSign`, so the CA key is not accepted for other purposes.
95 basicConstraints = CA:TRUE
# Key identifier derived from a hash of the certificate's public key.
96 subjectKeyIdentifier = hash
# Always embed both the issuer's key id and its issuer name / serial number.
97 authorityKeyIdentifier = keyid:always,issuer:always
# Netscape comment extension, filled from the CERT_NAME environment variable.
98 nsComment = $ENV::CERT_NAME
# A second set of end-entity extensions.
# NOTE(review): the section header is not visible in this copy, so which
# command or section refers to these lines cannot be told from here.
101 basicConstraints = CA:FALSE
# NOTE(review): nsCertType is the obsolete Netscape certificate-type extension;
# current verifiers use extendedKeyUsage to restrict purpose. If these
# certificates need purpose restrictions that are enforced today, state them
# with extendedKeyUsage as well.
102 nsCertType = client, email, objsign
103 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Netscape comment extension, filled from the CERT_NAME environment variable.
104 nsComment = $ENV::CERT_NAME
105 subjectKeyIdentifier = hash
# Key id is included when available; issuer name and serial are always included.
106 authorityKeyIdentifier = keyid,issuer:always