pki/test/openssl.conf
[default]
name = root-ca
default_ca = ca_default
name_opt = utf8,esc_ctrl,multiline,lname,align
[ca_dn]
countryName = "NL"
organizationName = "Nuts Foundation"
commonName = "Root CA"
[ca_default]
home = .
database = $home/db/index
serial = $home/db/serial
crlnumber = $home/db/crlnumber
certificate = $home/$name.crt
private_key = $home/private/$name.key
new_certs_dir = $home/certs
unique_subject = yes
copy_extensions = none
default_days = 3650
default_crl_days = 3650
default_md = sha256
policy = policy_default
[sub-ca]
home = .
database = $home/db/indexSub
serial = $home/db/serial
crlnumber = $home/db/crlnumber
new_certs_dir = $home/certs
unique_subject = yes
copy_extensions = copy
default_days = 3650
default_crl_days = 3650
default_md = sha256
policy = policy_default
[sub-ca-expired-crl]
home = .
database = $home/db/indexSub
serial = $home/db/serial
crlnumber = $home/db/crlnumber
new_certs_dir = $home/certs
unique_subject = yes
copy_extensions = copy
default_days = 3650
default_crl_hours = 1
default_md = sha256
policy = policy_default
[policy_default]
commonName = supplied
countryName = optional
organizationName = optional
[req]
default_bits = 2048
encrypt_key = no
default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
distinguished_name = ca_dn
req_extensions = ca_ext
# certificate extension groups
[ca_ext]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[sub_ca_ext]
authorityKeyIdentifier = keyid:always
basicConstraints = critical,CA:true,pathlen:0
crlDistributionPoints = @crl_info
extendedKeyUsage = clientAuth,serverAuth
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[intA_ext]
authorityKeyIdentifier = keyid:always
basicConstraints = critical,CA:false
crlDistributionPoints = @crl_intA
extendedKeyUsage = clientAuth,serverAuth
keyUsage = critical,digitalSignature,keyEncipherment,nonRepudiation,dataEncipherment
subjectKeyIdentifier = hash
[intB_ext]
authorityKeyIdentifier = keyid:always
basicConstraints = critical,CA:false
crlDistributionPoints = @crl_intB
extendedKeyUsage = clientAuth,serverAuth
keyUsage = critical,digitalSignature,keyEncipherment,nonRepudiation,dataEncipherment
subjectKeyIdentifier = hash
[intC_ext]
authorityKeyIdentifier = keyid:always
basicConstraints = critical,CA:false
crlDistributionPoints = @crl_intC
extendedKeyUsage = clientAuth,serverAuth
keyUsage = critical,digitalSignature,keyEncipherment,nonRepudiation,dataEncipherment
subjectKeyIdentifier = hash
[crl_info]
URI.0 = http://certs.nuts.nl/RootCALatest.crl
[crl_intA]
URI.0 = http://certs.nuts.nl/IntermediateCAALatest.crl
[crl_intB]
URI.0 = http://certs.nuts.nl/IntermediateCABLatest.crl
[crl_intC]
URI.0 = http://certs.nuts.nl/IntermediateCACLatest.crl