5 # The default test root, used to generate certificates and CRLs.
8 key_size = $ENV::KEY_SIZE
10 cert_type = $ENV::CERT_TYPE
12 certificate = $ENV::CERTIFICATE
13 database = $dir/$type-index.txt
15 serial = $dir/$type-serial
16 certificate = $dir/$certificate.pem
17 private_key = $dir/$type.key
22 policy = policy_anything
26 # Extensions to add when signing a request for an EE cert
27 basicConstraints = critical, CA:false
28 subjectKeyIdentifier = hash
29 authorityKeyIdentifier = keyid:always
30 extendedKeyUsage = serverAuth,clientAuth
33 # Extensions to add when signing a request for an intermediate/CA cert
34 basicConstraints = critical, CA:true
35 subjectKeyIdentifier = hash
36 #authorityKeyIdentifier = keyid:always
37 keyUsage = critical, keyCertSign, cRLSign
40 # Extensions to add when signing a CRL
41 authorityKeyIdentifier = keyid:always
44 # Default signing policy
45 countryName = optional
46 stateOrProvinceName = optional
47 localityName = optional
48 organizationName = optional
49 organizationalUnitName = optional
51 emailAddress = optional
54 # The request section used to generate the root CA certificate. This should
55 # not be used to generate end-entity certificates. For certificates other
56 # than the root CA, see README to find the appropriate configuration file
57 # (ie: openssl_cert.cnf).
58 default_bits = $ENV::KEY_SIZE
60 string_mask = utf8only
63 distinguished_name = $ENV::CA_NAME
77 CN = Test Intermediate 2 CA
80 CN = $ENV::CA_COMMON_NAME