# # Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License version 2 only, as # published by the Free Software Foundation. # # This code is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # version 2 for more details (a copy is included in the LICENSE file that # accompanied this code). # # You should have received a copy of the GNU General Public License version # 2 along with this work; if not, write to the Free Software Foundation, # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. # # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA # or visit www.oracle.com if you need additional information or have any # questions. # # # OpenSSL configuration file. # HOME = . RANDFILE = $ENV::HOME/.rnd [ ca ] default_ca = CA_default [ CA_default ] dir = ./top certs = $dir/certs crl_dir = $dir/crl database = $dir/index.txt unique_subject = no new_certs_dir = $dir/newcerts certificate = $dir/cacert.pem serial = $dir/serial crlnumber = $dir/crlnumber crl = $dir/crl.pem private_key = $dir/private/cakey.pem RANDFILE = $dir/private/.rand x509_extensions = v3_ca name_opt = ca_default cert_opt = ca_default default_days = 7650 default_crl_days = 30 default_md = sha1 preserve = no policy = policy_anything [ ca_top ] dir = ./root certs = $dir/certs crl_dir = $dir/crl database = $dir/index.txt unique_subject = no new_certs_dir = $dir/newcerts certificate = $dir/cacert.pem serial = $dir/serial crlnumber = $dir/crlnumber crl = $dir/crl.pem private_key = $dir/private/cakey.pem RANDFILE = $dir/private/.rand x509_extensions = v3_ca name_opt = ca_default cert_opt = ca_default default_days = 7650 default_crl_days = 30 default_md = sha1 preserve = no policy = policy_anything [ ca_subca ] dir = ./subca certs = $dir/certs crl_dir = $dir/crl database = $dir/index.txt unique_subject = no new_certs_dir = $dir/newcerts certificate = $dir/cacert.pem serial = $dir/serial crlnumber = $dir/crlnumber crl = $dir/crl.pem private_key = $dir/private/cakey.pem RANDFILE = $dir/private/.rand x509_extensions = usr_cert name_opt = ca_default cert_opt = ca_default default_days = 7650 default_crl_days = 30 default_md = sha1 preserve = no policy = policy_anything [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca string_mask = nombstr [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = NO countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = A-State localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Internet Widgits Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name [ usr_cert ] keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = email:example@openjdk.net, RID:1.2.3.4:true [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = critical,CA:true keyUsage = keyCertSign [ cert_issuer ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = critical,CA:true keyUsage = keyCertSign nameConstraints = excluded;RID:1.2.3.4.5 [ crl_issuer ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always keyUsage = cRLSign [ crl_ext ] authorityKeyIdentifier = keyid:always,issuer:always [ ee_of_subca ] keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer [ alice_of_subca ] keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement subjectAltName = RID:1.2.3.4 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer [ susan_of_subca ] keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement subjectAltName = RID:1.2.3.4.5 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer