# My sample caconfig.cnf file. ## Default configuration to use when one is not provided on the command line. # [ ca ] default_ca = local_ca # Default location of directories and files needed to generate certificates. # [ local_ca ] dir = /root/myCA certificate = $dir/root-ca.crt database = $dir/index.txt new_certs_dir = $dir/signedcerts private_key = $dir/private/cakey.pem serial = $dir/serial # Default expiration and encryption policies for certificates. # default_crl_days = 365 default_days = 1825 default_md = sha1 # policy = local_ca_policy x509_extensions = local_ca_extensions # # # Copy extensions specified in the certificate request # copy_extensions = copy # # # Default policy to use when generating server certificates. The following # fields must be defined in the server certificate. # [ local_ca_policy ] commonName = optional stateOrProvinceName = optional countryName = optional emailAddress = optional organizationName = optional organizationalUnitName = optional # # # x509 extensions to use when generating server certificates. # [ local_ca_extensions ] #authorityKeyIdentifier = keyid,issuer #basicConstraints = critical,CA:true #keyUsage = critical, Digital Signature, Non Repudiation, Certificate Sign, CRL Sign #subjectKeyIdentifier = hash # # # The default root certificate generation policy. # [ req ] default_bits = 2048 default_keyfile = /root/myCA/private/cakey.pem default_md = sha1 # prompt = no distinguished_name = root_ca_distinguished_name x509_extensions = root_ca_extensions # # # Root Certificate Authority distinguished name. Change these fields to match # your local environment! # [ root_ca_distinguished_name ] commonName = Kritee Root Certificate Authority stateOrProvinceName = KA countryName = IN emailAddress = kjhawar@example.com organizationName = abc organizationalUnitName = zyx # [ root_ca_extensions ] authorityKeyIdentifier = keyid,issuer basicConstraints = critical, CA:true keyUsage = critical, Digital Signature, Non Repudiation, Certificate Sign, CRL Sign subjectKeyIdentifier = hash #