mirror of https://github.com/wolfSSL/wolfssh.git
58 lines
1.4 KiB
Plaintext
58 lines
1.4 KiB
Plaintext
HOME = .
|
|
RANDFILE = $ENV::HOME/.rnd
|
|
|
|
[ ca ]
|
|
default_ca = CA_default # The default ca section
|
|
|
|
[ CA_default ]
|
|
dir = $HOME
|
|
database = $dir/index.txt # database index file.
|
|
certs = $dir/
|
|
new_certs_dir = $dir/
|
|
certificate = $dir/ca-cert-ecc.pem
|
|
serial = $dir/serial
|
|
default_md = default
|
|
policy = policy_match
|
|
email_in_dn = no
|
|
RANDFILE = $dir/.rand
|
|
|
|
# For the CA policy
|
|
[ policy_match ]
|
|
countryName = match
|
|
stateOrProvinceName = supplied
|
|
organizationName = supplied
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
[ req ]
|
|
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
|
distinguished_name = req_distinguished_name
|
|
prompt = no
|
|
|
|
# Extensions for a typical CA
|
|
[ v3_ca ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
basicConstraints = critical,CA:true
|
|
keyUsage = critical, digitalSignature, keyCertSign, cRLSign
|
|
|
|
# Extensions for fred cert
|
|
[ v3_fred ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
subjectAltName = @fred_altnames
|
|
|
|
[ fred_altnames ]
|
|
otherName = msUPN;UTF8:fred@example
|
|
|
|
# Extensions for server cert
|
|
[ v3_server ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
subjectAltName = DNS:example, IP:127.0.0.1
|
|
|
|
|
|
[ req_distinguished_name ]
|
|
|