56 lines
1.3 KiB
INI
56 lines
1.3 KiB
INI
[ default ]
|
|
ca = kyouma_Issuing_CA
|
|
default_md = sha256
|
|
|
|
[ req ]
|
|
utf8 = yes
|
|
prompt = no
|
|
distinguished_name = dn
|
|
req_extensions = v3_issue_req
|
|
|
|
[ ca ]
|
|
default_ca = $ca
|
|
|
|
[ kyouma_Issuing_CA ]
|
|
database = index.txt
|
|
rand_serial = yes
|
|
new_certs_dir = certs
|
|
certificate = ./$ca.pem
|
|
private_key = private/$ca.pem
|
|
|
|
name_opt = multiline, -esc_msb, utf8
|
|
cert_opt = ca_default
|
|
|
|
default_days = 7305
|
|
default_crl_days = 7305
|
|
|
|
unique_subject = no
|
|
policy = policy_match
|
|
email_in_dn = no
|
|
preserve = no
|
|
|
|
copy_extensions = copy
|
|
x509_extensions = v3_cert
|
|
crl_extensions = v3_crl
|
|
|
|
[ policy_match ]
|
|
commonName = supplied
|
|
UID = supplied
|
|
|
|
[ dn ]
|
|
commonName = kyouma Issuing CA
|
|
|
|
[ v3_issue_req ]
|
|
subjectKeyIdentifier = hash
|
|
basicConstraints = critical, CA:true, pathlen:0
|
|
|
|
[ v3_cert ]
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always
|
|
basicConstraints = critical, CA:false
|
|
keyUsage = critical, digitalSignature
|
|
extendedKeyUsage = clientAuth, anyExtendedKeyUsage
|
|
|
|
[ v3_crl ]
|
|
authorityKeyIdentifier = keyid:always
|