HOME = . RANDFILE = $ENV::HOME/.rnd oid_section = new_oids [ new_oids ] my_policy_oid = 1.3.6.1.5 [ ca ] default_ca = CA_default [ CA_default ] dir = /etc/ssl/CA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.crt # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/cacert.pem # The private key RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert default_days = 11000 # how long to certify for default_crl_days= 7 # how long before next CRL default_md = sha512 # which md to use. preserve = no # keep passed DN ordering policy = policy_anything [ policy_match ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = optional [ policy_anything ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = optional #################################################################### [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert string_mask = nombstr [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = New South Wales organizationName = Organization Name (eg, company) organizationName_default = CAcert Inc. organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = http://www.CAcert.org commonName = Common Name (eg, YOUR name) commonName_default = CAcert Inc. Signing Authority commonName_max = 64 [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = critical, CA:true authorityInfoAccess = OCSP;URI:http://ocsp.CAcert.org/,caIssuers;URI:http://www.CAcert.org/ca.crt certificatePolicies = @polsect nsCaPolicyUrl = http://www.CAcert.org/index.php?id=10 nsComment = "To get your own certificate for FREE, go to http://www.CAcert.org" [ polsect ] CPS = "http://www.CAcert.org/index.php?id=10" policyIdentifier = my_policy_oid