| CA_DIR=out |
| CA_NAME=aia-test-root |
| AIA_URL=http://aia-test.invalid |
| HOST_NAME=aia-host.invalid |
| |
| [ca] |
| default_ca = CA_root |
| preserve = yes |
| |
| [CA_root] |
| dir = ${ENV::CA_DIR} |
| key_size = 2048 |
| algo = sha256 |
| database = $dir/${ENV::CA_NAME}-index.txt |
| new_certs_dir = $dir |
| serial = $dir/${ENV::CA_NAME}-serial |
| certificate = $dir/${ENV::CA_NAME}.pem |
| private_key = $dir/${ENV::CA_NAME}.key |
| RANDFILE = $dir/.rand |
| default_days = 3650 |
| default_crl_days = 30 |
| default_md = sha256 |
| policy = policy_anything |
| unique_subject = no |
| copy_extensions = copy |
| |
| [user_cert] |
| basicConstraints = critical, CA:false |
| extendedKeyUsage = serverAuth, clientAuth |
| authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL} |
| subjectAltName = DNS:${ENV::HOST_NAME} |
| |
| [ca_cert] |
| basicConstraints = critical, CA:true |
| keyUsage = critical, keyCertSign, cRLSign |
| |
| [policy_anything] |
| # Default signing policy |
| countryName = optional |
| stateOrProvinceName = optional |
| localityName = optional |
| organizationName = optional |
| organizationalUnitName = optional |
| commonName = optional |
| emailAddress = optional |
| |
| [req] |
| default_bits = 2048 |
| default_md = sha256 |
| string_mask = utf8only |
| prompt = no |
| encrypt_key = no |
| distinguished_name = req_env_dn |
| |
| [req_env_dn] |
| CN = ${ENV::CA_COMMON_NAME} |
| |
