HOME = . RANDFILE = $ENV::HOME/.rnd oid_section = new_oids [ new_oids ] my_policy_oid = 1.3.6.1.4.1.18506.2.3.1 [ ca ] default_ca = CA_default [ CA_default ] dir = /home/cacert/etc/ssl/CA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.crt # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/cacert.pem # The private key RANDFILE = $dir/private/.rand # private random number file x509_extensions = v3_ca # The extentions to add to the cert default_days = 9970 # how long to certify for default_crl_days= 7 # how long before next CRL default_md = sha512 # which md to use. preserve = no # keep passed DN ordering policy = policy_anything [ policy_match ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = optional [ policy_anything ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = optional #################################################################### [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert string_mask = nombstr [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 [ req_distinguished_name ] organizationName = Organization Name (eg, company) organizationName_default = CAcert Inc. organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = http://www.CAcert.org commonName = Common Name (eg, YOUR name) commonName_default = CAcert Class 3 Root commonName_max = 64 [ v3_ca ] basicConstraints = critical, CA:true authorityInfoAccess = OCSP;URI:http://ocsp.CAcert.org/,caIssuers;URI:http://www.CAcert.org/class3.crt certificatePolicies = @polsect crlDistributionPoints = URI:https://www.cacert.org/class3.crl [ polsect ] CPS = "http://www.CAcert.org/cps.php" policyIdentifier = my_policy_oid