69 lines
1.5 KiB
Plaintext
69 lines
1.5 KiB
Plaintext
[ ca ]
|
|
default_ca = testca
|
|
|
|
[ testca ]
|
|
dir = .
|
|
certificate = $dir/cacert.pem
|
|
database = $dir/index.txt
|
|
new_certs_dir = $dir/certs
|
|
private_key = $dir/private/cakey.pem
|
|
serial = $dir/serial
|
|
|
|
default_crl_days = 7
|
|
default_days = 365
|
|
default_md = sha256
|
|
|
|
policy = testca_policy
|
|
x509_extensions = certificate_extensions
|
|
|
|
[ testca_policy ]
|
|
commonName = supplied
|
|
stateOrProvinceName = optional
|
|
countryName = optional
|
|
emailAddress = optional
|
|
organizationName = optional
|
|
organizationalUnitName = optional
|
|
domainComponent = optional
|
|
|
|
[ certificate_extensions ]
|
|
basicConstraints = CA:false
|
|
|
|
[ req ]
|
|
default_bits = 2048
|
|
default_keyfile = ./private/cakey.pem
|
|
default_md = sha256
|
|
prompt = yes
|
|
distinguished_name = root_ca_distinguished_name
|
|
x509_extensions = root_ca_extensions
|
|
|
|
[ root_ca_distinguished_name ]
|
|
commonName = hostname
|
|
countryName_default = UK
|
|
stateOrProvinceName_default = London
|
|
organizationName_default = RabbitMQ
|
|
|
|
[ root_ca_extensions ]
|
|
basicConstraints = CA:true
|
|
keyUsage = keyCertSign, cRLSign
|
|
|
|
[ client_ca_extensions ]
|
|
basicConstraints = CA:false
|
|
keyUsage = digitalSignature,keyEncipherment
|
|
subjectAltName = @client_alt_names
|
|
|
|
[ server_ca_extensions ]
|
|
basicConstraints = CA:false
|
|
keyUsage = digitalSignature,keyEncipherment
|
|
extendedKeyUsage = serverAuth
|
|
subjectAltName = @server_alt_names
|
|
|
|
[ server_alt_names ]
|
|
DNS.1 = @HOSTNAME@
|
|
DNS.2 = localhost
|
|
|
|
[ client_alt_names ]
|
|
DNS.1 = rabbit_client_id
|
|
DNS.2 = rabbit_client_id_ext
|
|
email.1 = rabbit_client@localhost
|
|
URI.1 = rabbit_client_id_uri
|