File: ca.cnf

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (94 lines) | stat: -rw-r--r-- 2,497 bytes parent folder | download | duplicates (11)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# Defaults in the event they're not set in the environment
CA_DIR    = out
KEY_SIZE  = 2048
ALGO      = sha256
CERT_TYPE = root
CA_NAME   = req_env_dn
CA_COMMON_NAME = Test Root CA

[ca]
default_ca = CA_root
preserve   = yes

# The default test root, used to generate certificates and CRLs.
[CA_root]
dir           = $ENV::CA_DIR
key_size      = $ENV::KEY_SIZE
algo          = $ENV::ALGO
cert_type     = $ENV::CERT_TYPE
type          = $key_size-$algo-$cert_type
database      = $dir/$type-index.txt
new_certs_dir = $dir
serial        = $dir/$type-serial
certificate   = $dir/$type.pem
private_key   = $dir/$type.key
RANDFILE      = $dir/.rand
default_days     = 3650
default_crl_days = 30
default_md       = sha256
policy           = policy_anything
unique_subject   = no
copy_extensions  = copy

[user_cert]
# Extensions to add when signing a request for an EE cert
basicConstraints       = critical, CA:false
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
extendedKeyUsage       = serverAuth,clientAuth

[ca_cert]
# Extensions to add when signing a request for an intermediate/CA cert
basicConstraints       = critical, CA:true
subjectKeyIdentifier   = hash
#authorityKeyIdentifier = keyid:always
keyUsage               = critical, keyCertSign, cRLSign

[crl_extensions]
# Extensions to add when signing a CRL
authorityKeyIdentifier = keyid:always

[policy_anything]
# Default signing policy
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = optional
emailAddress           = optional

[req]
# The request section used to generate the root CA certificate. This should
# not be used to generate end-entity certificates. For certificates other
# than the root CA, see README to find the appropriate configuration file
# (ie: openssl_cert.cnf).
default_bits       = $ENV::KEY_SIZE
default_md         = sha256
string_mask        = utf8only
prompt             = no
encrypt_key        = no
distinguished_name = $ENV::CA_NAME
x509_extensions    = req_ca_exts

[req_ca_dn]
C  = US
ST = California
L  = Mountain View
O  = Test CA
CN = Test Root CA

[req_intermediate_dn]
C  = US
ST = California
L  = Mountain View
O  = Test CA
CN = Test Intermediate CA

[req_env_dn]
CN = $ENV::CA_COMMON_NAME

[req_ca_exts]
basicConstraints       = critical, CA:true
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash