71 lines
2.0 KiB
Plaintext
71 lines
2.0 KiB
Plaintext
|
|
HOME = .
|
|
# RANDFILE = .rnd
|
|
|
|
|
|
# Extra OBJECT IDENTIFIER info:
|
|
oid_section = new_oids
|
|
|
|
[ new_oids ]
|
|
# Amateur radio callsign OID used by LotW
|
|
callSign = 1.3.6.1.4.1.12348.1.1
|
|
|
|
[ ca ]
|
|
default_ca = testca
|
|
|
|
[ testca ]
|
|
|
|
dir = ./tls-testca # Where everything is kept
|
|
certs = $dir/certs # Where the issued certs are kept
|
|
crl_dir = $dir/crl # Where the issued crl are kept
|
|
database = $dir/index.txt # database index file.
|
|
unique_subject = no # Set to 'no' to allow creation of
|
|
# several ctificates with same subject.
|
|
new_certs_dir = $dir/newcerts # default place for new certs.
|
|
|
|
certificate = $dir/cacert.pem # The CA certificate
|
|
serial = $dir/serial # The current serial number
|
|
private_key = $dir/private/cakey.pem # The private key
|
|
|
|
x509_extensions = aprsc_cert
|
|
default_md = sha256
|
|
|
|
# Comment out the following two lines for the "traditional"
|
|
# (and highly broken) format.
|
|
name_opt = ca_default # Subject Name options
|
|
cert_opt = ca_default # Certificate field options
|
|
|
|
|
|
policy = policy_client
|
|
|
|
[ policy_client ]
|
|
callSign = optional
|
|
organizationName = optional
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
[ req ]
|
|
distinguished_name = req_distinguished_name
|
|
default_bits = 2048
|
|
|
|
|
|
[ req_distinguished_name ]
|
|
callSign = Callsign
|
|
callSign_max = 12
|
|
|
|
commonName = Common Name (e.g. server FQDN or YOUR name)
|
|
commonName_max = 64
|
|
|
|
emailAddress = Email Address
|
|
emailAddress_max = 64
|
|
|
|
[ aprsc_cert ]
|
|
basicConstraints=CA:FALSE
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer
|
|
extendedKeyUsage = clientAuth,serverAuth
|
|
|
|
|