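#
# OpenSSL configuration for Leivo Root
#
# Read by the openssl command-line tool: the [ ca ] sections drive
# "openssl ca" (signing and CRL generation), the [ req ] sections drive
# "openssl req" (key and request generation).
#
# Every certificate signed through [ Leivo_Root ] receives the [ v3_ca ]
# extensions, i.e. it is itself a CA certificate (CA:true, pathlen:0).
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd

####################################################################
[ ca ]
# The default ca section
default_ca = Leivo_Root

############################# Defining CA ######################################
[ Leivo_Root ]

# Where everything is kept.
# NOTE(review): this path is under a temp directory, which suggests a test CA.
# For real issuance, keep $dir/private on storage only the CA operator can read.
dir = d:/temp/testCA
# Where the issued certs are kept
certs = $dir/certs
# Where the issued CRLs are kept
crl_dir = $dir/crl
# Database index file
database = $dir/index.txt
# Default place for new certs
new_certs_dir = $dir/newcerts

# The CA certificate
certificate = $dir/Leivo_Root.pem
# The current serial number
serial = $dir/serial
# The current CRL number
crlnumber = $dir/crlnumber
# The current CRL
crl = $dir/crl.pem
# The CA private key; compromise of this file compromises every certificate
# chained to this CA.
private_key = $dir/private/root-ca.key
# Private random number file
RANDFILE = $dir/private/.rand

string_mask = utf8only
######################## End of defining CA ####################################

#################### Defining certificate signing ##############################
# The keys below still belong to [ Leivo_Root ].
#
# No copy_extensions key is set, so extensions carried in a request are NOT
# copied into the issued certificate; only the section named here is applied.
# Keep it that way unless every request is inspected before signing.

# The extensions to add to the cert
x509_extensions = v3_ca
# Subject Name options
name_opt = ca_default
# Certificate field options
cert_opt = ca_default
crl_extensions = crl_ext

# How long to certify for (days)
default_days = 365
# How long before next CRL (days)
default_crl_days = 3
# Digest used to sign certificates and CRLs
default_md = sha256
# Do not keep the DN ordering passed in the request
preserve = no

# For the CA policy
policy = policy_match

[ policy_match ]
# match    = must equal the value in the CA certificate
# supplied = must be present in the request
# optional = may be present
countryName = match
organizationName = match
commonName = supplied
emailAddress = optional
################## End of defining certificate signing #########################

[ crl_ext ]
authorityKeyIdentifier = keyid:always

[ v3_ca_root ]
# Extensions for the root certificate itself. No key in this file references
# this section; presumably it is selected on the command line with -extensions
# when the self-signed root is created (confirm against the issuing procedure).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# critical: RFC 5280 requires basicConstraints to be marked critical in CA
# certificates; this also matches [ v3_ca ] and [ extensions ] below.
basicConstraints = critical, CA:true, pathlen:1
keyUsage = critical, cRLSign, keyCertSign, digitalSignature

[ v3_ca ]
# Extensions written into every certificate this CA signs.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# pathlen:0 - the issued CA may sign end-entity certificates but no further CAs.
basicConstraints = critical, CA:true, pathlen:0
# Stated here because request extensions are not copied (see above); without
# this line the issued CA certificates would carry no keyUsage at all.
keyUsage = critical, cRLSign, keyCertSign, digitalSignature
# NOTE(review): RFC 5280 expects an HTTP distribution point to serve a
# DER-encoded CRL; confirm what is published at this URL despite the .pem name.
crlDistributionPoints = URI:http://crl.leivo.org/Rootca-crl.pem

########################### Basic SSL request ##################################
[ req ]
# RSA key size in bits.
# NOTE(review): 2048 is the usual minimum; consider a larger key for a CA key
# that will be valid for many years.
default_bits = 2048
default_keyfile = privkey.pem
# Sign requests with the same digest the CA uses, rather than relying on the
# default of whichever OpenSSL version is installed.
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = extensions
string_mask = utf8only

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FI
countryName_min = 2
countryName_max = 2

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Leivo.org

# get the DN name for the certificate
commonName = Server FQDN
commonName_max = 64

[ extensions ]
# Extensions placed in the request. They are advisory only: the CA above does
# not copy request extensions and applies [ v3_ca ] instead.
subjectKeyIdentifier = hash
basicConstraints = critical,CA:true, pathlen:0
keyUsage = critical, cRLSign, keyCertSign, digitalSignature
######################### End basic SSL request ################################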