security/advancedtls/testdata/openssl-ca.cnf - third_party/grpc/grpc-go - Git at Google

 base_dir      = .
 certificate   = $base_dir/cacert.pem   # The CA certifcate
 private_key   = $base_dir/cakey.pem    # The CA private key
 new_certs_dir = $base_dir              # Location for new certs after signing
 database      = $base_dir/index.txt    # Database index file
 serial        = $base_dir/serial.txt   # The current serial number

 unique_subject = no  # Set to 'no' to allow creation of
                      # several certificates with same subject.

 HOME            = .
 RANDFILE        = $ENV::HOME/.rnd

 ####################################################################
 [ ca ]
 default_ca    = CA_default      # The default ca section

 [ CA_default ]

 default_days     = 10000         # How long to certify for
 default_crl_days = 30           # How long before next CRL
 default_md       = sha256       # Use public key default MD
 preserve         = no           # Keep passed DN ordering

 x509_extensions = ca_extensions # The extensions to add to the cert

 email_in_dn     = no            # Don't concat the email in the DN
 copy_extensions = copy          # Required to copy SANs from CSR to cert

 ####################################################################
 [ req ]
 default_bits       = 4096
 default_keyfile    = cakey.pem
 distinguished_name = ca_distinguished_name
 x509_extensions    = ca_extensions
 string_mask        = utf8only

 ####################################################################
 [ ca_distinguished_name ]
 countryName         = Country Name (2 letter code)
 countryName_default = US

 stateOrProvinceName         = State or Province Name (full name)
 stateOrProvinceName_default = Maryland

 localityName                = Locality Name (eg, city)
 localityName_default        = Baltimore

 organizationName            = Organization Name (eg, company)
 organizationName_default    = Test CA, Limited

 organizationalUnitName         = Organizational Unit (eg, division)
 organizationalUnitName_default = Server Research Department

 commonName         = Common Name (e.g. server FQDN or YOUR name)
 commonName_default = Test CA

 emailAddress         = Email Address
 emailAddress_default = test@example.com

 ####################################################################
 [ ca_extensions ]

 subjectKeyIdentifier   = hash
 authorityKeyIdentifier = keyid:always, issuer
 basicConstraints       = critical, CA:true
 keyUsage               = keyCertSign, cRLSign


 ####################################################################
 [ signing_policy ]
 countryName            = optional
 stateOrProvinceName    = optional
 localityName           = optional
 organizationName       = optional
 organizationalUnitName = optional
 commonName             = supplied
 emailAddress           = optional

 ####################################################################
 [ signing_req ]
 subjectKeyIdentifier   = hash
 authorityKeyIdentifier = keyid,issuer
 basicConstraints       = CA:FALSE
 keyUsage               = digitalSignature, keyEncipherment
	base_dir = .
	certificate = $base_dir/cacert.pem # The CA certifcate
	private_key = $base_dir/cakey.pem # The CA private key
	new_certs_dir = $base_dir # Location for new certs after signing
	database = $base_dir/index.txt # Database index file
	serial = $base_dir/serial.txt # The current serial number

	unique_subject = no # Set to 'no' to allow creation of
	# several certificates with same subject.

	HOME = .
	RANDFILE = $ENV::HOME/.rnd

	####################################################################
	[ ca ]
	default_ca = CA_default # The default ca section

	[ CA_default ]

	default_days = 10000 # How long to certify for
	default_crl_days = 30 # How long before next CRL
	default_md = sha256 # Use public key default MD
	preserve = no # Keep passed DN ordering

	x509_extensions = ca_extensions # The extensions to add to the cert

	email_in_dn = no # Don't concat the email in the DN
	copy_extensions = copy # Required to copy SANs from CSR to cert

	####################################################################
	[ req ]
	default_bits = 4096
	default_keyfile = cakey.pem
	distinguished_name = ca_distinguished_name
	x509_extensions = ca_extensions
	string_mask = utf8only

	####################################################################
	[ ca_distinguished_name ]
	countryName = Country Name (2 letter code)
	countryName_default = US

	stateOrProvinceName = State or Province Name (full name)
	stateOrProvinceName_default = Maryland

	localityName = Locality Name (eg, city)
	localityName_default = Baltimore

	organizationName = Organization Name (eg, company)
	organizationName_default = Test CA, Limited

	organizationalUnitName = Organizational Unit (eg, division)
	organizationalUnitName_default = Server Research Department

	commonName = Common Name (e.g. server FQDN or YOUR name)
	commonName_default = Test CA

	emailAddress = Email Address
	emailAddress_default = test@example.com

	####################################################################
	[ ca_extensions ]

	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always, issuer
	basicConstraints = critical, CA:true
	keyUsage = keyCertSign, cRLSign




	####################################################################
	[ signing_policy ]
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	####################################################################
	[ signing_req ]
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid,issuer
	basicConstraints = CA:FALSE
	keyUsage = digitalSignature, keyEncipherment