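# OpenSSL configuration for the "Server CA" certificate authority.
# The [ req ] section describes the CA's own certificate; the [ ca ]
# sections describe how this CA signs server certificates.
#
# The environment variable CAROOT must be set before OpenSSL reads this
# file: $ENV::CAROOT is expanded at load time and an undefined variable
# makes the load fail.

# Don't edit this
HOME = .
# Don't edit this
RANDFILE = $ENV::HOME/.rnd
# Root of the CA's working directory.
CAPATH = $ENV::CAROOT/.ca

# Subject of the CA certificate. You might want to change this.
# The "0." / "1." prefixes let the same attribute appear twice in the DN.
[ subject_name ]
# Don't edit
0.DC = in
# Don't edit
1.DC = ac
# Don't edit
organizationName = iitk
# Don't edit
0.organizationalUnitName = cse
# Don't edit
1.organizationalUnitName = CA
# The CA name
CN = Server CA

## The rest is probably unnecessary to change.

[ req ]
distinguished_name = subject_name
x509_extensions = self_extn
string_mask = nombstr
# Take the subject from [ subject_name ] instead of prompting.
prompt = no

# Extensions put on the CA's own certificate.
[ self_extn ]
# Marked critical: RFC 5280 requires basicConstraints to be critical in
# CA certificates (the original had it non-critical).
basicConstraints = critical, CA:true
keyUsage = digitalSignature, nonRepudiation, cRLSign, keyCertSign

[ ca ]
default_ca = ca_section

[ ca_section ]
dir = $CAPATH
# The CA private key. Keep this file readable by the CA operator only.
private_key = $dir/private.pem
# The CA certificate
certificate = $dir/certificate.pem
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/.index.txt
# Default place for new certs.
new_certs_dir = $dir/newcerts
# The current serial number
serial = $dir/.serial
# The current CRL number
crlnumber = $dir/.crlnumber
# The current CRL
crl = $dir/current.crl
# Private random number file
RANDFILE = $dir/.rand

# Subject Name options
name_opt = ca_default
# Certificate field options
cert_opt = ca_default
# The extensions to add to the cert
x509_extensions = server_extn

# How long to certify for (days)
default_days = 395
# How long before next CRL (days)
default_crl_days = 30
# Digest used for signing. Was sha1, which is no longer acceptable for
# certificate signatures and is rejected by current TLS clients.
default_md = sha256
unique_subject = no
# Keep passed DN ordering
preserve = yes

policy = cse_match
# "copy" adds every extension from the request that server_extn does not
# already set (subjectAltName, for example). The request is therefore
# partly in control of the issued certificate: inspect each CSR before
# signing it.
copy_extensions = copy

# DN policy applied to incoming requests.
# OpenSSL keeps only the last value when a name is repeated within a
# section, so the earlier duplicate lines ("DC = match" and
# "organizationalUnitName = match") had no effect and are dropped here.
# The effective policy is unchanged: organizationalUnitName only has to
# be present in the request, it is not compared with the CA's.
[ cse_match ]
DC = match
organizationName = match
organizationalUnitName = supplied
commonName = supplied

# Extensions put on server certificate.
[ server_extn ]
# subjectKeyIdentifier = hash
# authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
extendedKeyUsage = critical, serverAuth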