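# OpenSSL configuration for a local CA whose certificates point at an OCSP
# responder on 127.0.0.1:2560.
# All paths derive from the relative "dir" below, so openssl has to be run
# from the directory that contains t/.
# NOTE(review): the loopback OCSP URL, the permissive signing policy and the
# t/ path suggest a test fixture -- confirm this CA is never trusted outside
# the test environment.

[ ca ]
default_ca = CA_default

[ CA_default ]
# Where everything is kept.
dir = ./t/ocsp/ca
# Alternative location, left disabled:
# dir = ./ca
# Where the issued certs are kept.
certs = $dir/certs
# Where the issued CRLs are kept.
crl_dir = $dir/crl
# Database index file.
database = $dir/index.txt
# Default place for new certs.
new_certs_dir = $dir/newcerts
# The CA certificate.
certificate = $dir/ca.crt
# The current serial number.
serial = $dir/serial
# The current CRL number; must be commented out to leave a V1 CRL.
crlnumber = $dir/crlnumber
# The current CRL.
crl = $dir/crl.pem
# The CA private key. Anyone who can read this file can issue certificates
# under this CA, so restrict its permissions.
private_key = $dir/ca.key
# Private random number file.
RANDFILE = $dir/private/.rand
# The extensions to add to the cert (disabled, so "openssl ca" adds none
# unless an extension section is given on the command line).
# x509_extensions = usr_cert
# How long to certify for, in days.
default_days = 365
# How long before the next CRL, in days.
default_crl_days = 30
# Which message digest to use; "default" means the public key's default digest.
default_md = default
# "no" = do not keep the DN ordering passed in the request.
preserve = no
# Which policy section is used when signing.
policy = policy_any

[ policy_any ]
# Only commonName has to be present in a request; every other DN field is
# optional and nothing has to match the CA's own subject. The CA will
# therefore sign any subject that carries a CN.
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Extensions added to a self-signed certificate created with "req -x509".
x509_extensions = v3_ca
# Take the subject from the configuration instead of prompting.
# (The original listed this key twice in this section; once is enough.)
prompt = no
default_bits = 2048
default_md = sha256
# NOTE(review): no [ dn ] or [ req_ext ] section is visible in this file, only
# [ v3_req ]. Confirm that both are defined elsewhere or overridden on the
# command line (-subj, -reqexts), or point req_extensions at the intended
# section.
distinguished_name = dn
req_extensions = req_ext

[ v3_req ]
# Extensions for end-entity certificates.
# The OCSP responder URL is plain HTTP on loopback. OCSP responses are signed,
# so HTTP transport is normal, but the address only resolves on the local host.
authorityInfoAccess = OCSP;URI:http://127.0.0.1:2560
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# NOTE(review): OCSPSigning marks a certificate as a delegated OCSP responder
# for its issuer. Combined with clientAuth/serverAuth, every certificate issued
# with this section can sign OCSP responses for this CA. Outside a test setup,
# put OCSPSigning on a dedicated responder certificate only.
extendedKeyUsage = clientAuth, serverAuth, timeStamping, OCSPSigning

[ v3_ca ]
# Extensions for the CA certificate (see x509_extensions in [ req ]).
authorityInfoAccess = OCSP;URI:http://127.0.0.1:2560
basicConstraints = CA:TRUE
# NOTE(review): keyUsage is present but omits keyCertSign and cRLSign even
# though basicConstraints says CA:TRUE. Verifiers that enforce key usage will
# not accept such a certificate as an issuer of certificates or CRLs. Confirm
# whether the tests rely on this before changing it.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# NOTE(review): end-entity extended key usages on a CA certificate are
# unusual; confirm they are intended here.
extendedKeyUsage = clientAuth, serverAuth, timeStamping, OCSPSigning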