openssl/test/CAss.cnf

#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE		= ./.rnd

####################################################################
[ req ]
default_bits		= 1024
default_keyfile 	= keySS.pem
distinguished_name	= req_distinguished_name
encrypt_rsa_key		= no
default_md		= sha1

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_default		= AU
countryName_value		= AU

organizationName		= Organization Name (eg, company)
organizationName_value		= Dodgy Brothers

commonName			= Common Name (eg, YOUR name)
commonName_value		= Dodgy CA

####################################################################
[ ca ]
default_ca	= CA_default		# The default ca section

####################################################################
[ CA_default ]

dir		= ./demoCA		# Where everything is kept
certs		= $dir/certs		# Where the issued certs are kept
crl_dir		= $dir/crl		# Where the issued crl are kept
database	= $dir/index.txt	# database index file.
#unique_subject	= no			# Set to 'no' to allow creation of
					# several ctificates with same subject.
new_certs_dir	= $dir/newcerts		# default place for new certs.

certificate	= $dir/cacert.pem 	# The CA certificate
serial		= $dir/serial 		# The current serial number
crl		= $dir/crl.pem 		# The current CRL
private_key	= $dir/private/cakey.pem# The private key
RANDFILE	= $dir/private/.rand	# private random number file

x509_extensions	= v3_ca			# The extentions to add to the cert

name_opt 	= ca_default		# Subject Name options
cert_opt 	= ca_default		# Certificate field options

default_days	= 365			# how long to certify for
default_crl_days= 30			# how long before next CRL
default_md	= md5			# which md to use.
preserve	= no			# keep passed DN ordering

policy		= policy_anything

[ policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional


[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true,pathlen:1
keyUsage = cRLSign, keyCertSign
issuerAltName=issuer:copy
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`#`
			`# SSLeay example configuration file.`
			`# This is mostly being used for generation of certificate requests.`
			`#`

			`RANDFILE = ./.rnd`

			`####################################################################`
			`[ req ]`
Make tesfipsssl pass. 2007-08-21 23:26:51 +08:00			`default_bits = 1024`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`default_keyfile = keySS.pem`
			`distinguished_name = req_distinguished_name`
			`encrypt_rsa_key = no`
			`default_md = sha1`

			`[ req_distinguished_name ]`
			`countryName = Country Name (2 letter code)`
			`countryName_default = AU`
			`countryName_value = AU`

			`organizationName = Organization Name (eg, company)`
			`organizationName_value = Dodgy Brothers`

			`commonName = Common Name (eg, YOUR name)`
			`commonName_value = Dodgy CA`
Add a CA section, to make sure the test will work with the changes in CA.sh. 2003-04-04 06:38:31 +08:00
			`####################################################################`
			`[ ca ]`
			`default_ca = CA_default # The default ca section`

			`####################################################################`
			`[ CA_default ]`

			`dir = ./demoCA # Where everything is kept`
			`certs = $dir/certs # Where the issued certs are kept`
			`crl_dir = $dir/crl # Where the issued crl are kept`
			`database = $dir/index.txt # database index file.`
			`#unique_subject = no # Set to 'no' to allow creation of`
			`# several ctificates with same subject.`
			`new_certs_dir = $dir/newcerts # default place for new certs.`

			`certificate = $dir/cacert.pem # The CA certificate`
			`serial = $dir/serial # The current serial number`
			`crl = $dir/crl.pem # The current CRL`
			`private_key = $dir/private/cakey.pem# The private key`
			`RANDFILE = $dir/private/.rand # private random number file`

			`x509_extensions = v3_ca # The extentions to add to the cert`

			`name_opt = ca_default # Subject Name options`
			`cert_opt = ca_default # Certificate field options`

			`default_days = 365 # how long to certify for`
			`default_crl_days= 30 # how long before next CRL`
			`default_md = md5 # which md to use.`
			`preserve = no # keep passed DN ordering`

			`policy = policy_anything`

			`[ policy_anything ]`
			`countryName = optional`
			`stateOrProvinceName = optional`
			`localityName = optional`
			`organizationName = optional`
			`organizationalUnitName = optional`
			`commonName = supplied`
			`emailAddress = optional`



			`[ v3_ca ]`
			`subjectKeyIdentifier=hash`
			`authorityKeyIdentifier=keyid:always,issuer:always`
Add functionality needed to process proxy certificates. 2004-12-28 08:21:35 +08:00			`basicConstraints = CA:true,pathlen:1`
			`keyUsage = cRLSign, keyCertSign`
			`issuerAltName=issuer:copy`