openssl.cnf revision 1391:6f26e2e5f4f3
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation. Sun designates this
# particular file as subject to the "Classpath" exception as provided
# by Sun in the LICENSE file that accompanied this code.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#

#
# OpenSSL configuration file.
#
# Defines three CA profiles (CA_default -> ./top, ca_top -> ./root,
# ca_subca -> ./subca), the request defaults used by "openssl req", and the
# X.509v3 extension sets those commands can apply.
#
# NOTE(review): the relative ./top, ./root and ./subca directories and the
# sample subjectAltName below suggest a test-fixture PKI - confirm before
# reusing this file anywhere real. Several values flagged below (SHA-1,
# 1024-bit keys, ~21-year validity, policy_anything) are not suitable for a
# production CA.
#

# Fallback for $ENV::HOME on the next line when the HOME environment
# variable is not set.
HOME = .
# Seed file for the random number generator.
RANDFILE = $ENV::HOME/.rnd

# "openssl ca" uses the section named here unless -name selects another one.
[ ca ]
default_ca = CA_default

# CA profile rooted at ./top (relative to the working directory).
[ CA_default ]
dir = ./top
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
# "no" lets the CA issue several certificates with the same subject DN.
unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
# CA signing key; $dir/private should be readable only by the CA operator.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
# Every certificate issued through this profile gets the v3_ca extensions,
# i.e. it is itself a CA certificate (CA:true, keyCertSign, cRLSign).
x509_extensions = v3_ca

name_opt = ca_default
cert_opt = ca_default

# 7650 days is roughly 21 years of validity for each issued certificate.
default_days = 7650
default_crl_days = 30
# NOTE(review): SHA-1 signatures are collision-prone and rejected by many
# current validators; use a SHA-2 digest outside of legacy test data.
default_md = sha1
preserve = no

# policy_anything only requires commonName; see the policy sections below.
policy = policy_anything

# CA profile rooted at ./root; otherwise the same settings as CA_default.
[ ca_top ]
dir = ./root
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
# CA signing key; $dir/private should be readable only by the CA operator.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand

# Issues CA certificates (see v3_ca).
x509_extensions = v3_ca

name_opt = ca_default
cert_opt = ca_default

# Same long validity and SHA-1 digest as CA_default; see the notes there.
default_days = 7650
default_crl_days = 30
default_md = sha1
preserve = no

policy = policy_anything

# CA profile rooted at ./subca. Unlike the two profiles above it applies
# usr_cert, which carries no CA:true, so by default it issues end-entity
# certificates.
[ ca_subca ]
dir = ./subca
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
unique_subject = no
new_certs_dir = $dir/newcerts

certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
# CA signing key; $dir/private should be readable only by the CA operator.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand

x509_extensions = usr_cert

name_opt = ca_default
cert_opt = ca_default

# NOTE(review): the ~21-year validity and SHA-1 digest also apply to the
# end-entity certificates this profile issues.
default_days = 7650
default_crl_days = 30
default_md = sha1
preserve = no

policy = policy_anything

# Strict subject policy: country, state and organization must match the CA's
# own DN. Defined here but not referenced by any CA profile in this file.
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Permissive subject policy used by all three CA profiles: only commonName
# has to be present, and no field is compared against the CA's DN.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Defaults for "openssl req".
[ req ]
# NOTE(review): 1024-bit RSA keys are below the 2048-bit minimum expected by
# current guidance; acceptable only for legacy or test material.
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
# Applied when "req -x509" creates a self-signed certificate, which therefore
# becomes a CA certificate. No req_extensions key is set in this file, so
# v3_req is only used when selected explicitly on the command line.
x509_extensions = v3_ca

# PrintableString and T61String only (no BMPString / UTF8String).
string_mask = nombstr

# Prompts, defaults and length limits for the subject DN fields.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = NO
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = A-State

localityName = Locality Name (eg, city)

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 64

# Optional attributes carried in the certificate request.
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

# End-entity extensions applied by ca_subca.
# NOTE(review): basicConstraints is not set here. Its absence means "not a
# CA" to a conforming validator, but an explicit CA:FALSE (as in v3_req)
# removes the ambiguity.
[ usr_cert ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

# Extension set for certificate requests; carries a fixed sample
# subjectAltName rather than a per-request value.
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = email:example@openjdk.net, RID:1.2.3.4:true

# CA certificate extensions. There is no pathlen constraint, so a CA issued
# with this set may have any number of subordinate CAs beneath it.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true
keyUsage = keyCertSign, cRLSign

# Same extension values as v3_ca; not referenced by any section in this
# file, so it has to be selected by name on the command line.
[ cert_issuer ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true
keyUsage = keyCertSign, cRLSign

# Same extension values as v3_ca; not referenced by any section in this
# file, so it has to be selected by name on the command line.
[ crl_issuer ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true
keyUsage = keyCertSign, cRLSign


# CRL extensions. No CA profile above sets crl_extensions, so this section is
# only applied when chosen explicitly when generating a CRL.
[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always

# End-entity extensions: usr_cert plus keyAgreement. Like usr_cert it has no
# explicit basicConstraints = CA:FALSE.
[ ee_of_subca ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
