tls/tests/files/ssl/ca.conf

   1 # Root CA
   2
   3 [ req ]
   4 # Use SHA-1 to verify that it does not affect the trust of root certificates.
   5 default_md              = sha1
   6 utf8                    = yes
   7 string_mask             = utf8only
   8 prompt                  = no
   9 distinguished_name      = req_dn
  10 req_extensions          = req_ext
  11 x509_extensions         = v3_req_ext
  12
  13 [ req_dn ]
  14 0.domainComponent       = "COM"
  15 1.domainComponent       = "EXAMPLE"
  16 organizationalUnitName  = "Certificate Authority"
  17 commonName              = "ca.example.com"
  18 emailAddress            = "ca@example.com"
  19
  20 [ req_ext ]
  21 subjectKeyIdentifier    = hash
  22 #authorityKeyIdentifier  = keyid:always,issuer:always
  23 basicConstraints        = critical,CA:true
  24 keyUsage                = critical,keyCertSign,cRLSign
  25
  26 [ v3_req_ext ]
  27 subjectKeyIdentifier    = hash
  28 authorityKeyIdentifier  = keyid:always,issuer:always
  29 basicConstraints        = critical,CA:true
  30 keyUsage                = critical,keyCertSign,cRLSign
  31 subjectAltName          = email:ca@example.com
  32 issuerAltName           = issuer:copy