|
1 # openssl.config |
|
2 # |
|
3 # Config file for OpenSSL CA |
|
4 |
|
5 [ ca ] |
|
6 |
|
7 default_ca = ca_default # The default ca section |
|
8 |
|
9 [ Root1 ] |
|
10 |
|
11 dir = Root1 |
|
12 database = $dir\\index.txt # index file. |
|
13 new_certs_dir = $dir\\certs # new certs dir |
|
14 |
|
15 certificate = $dir\\certs\\ca.pem # The CA cert |
|
16 serial = $dir\\serial # serial no file |
|
17 private_key = $dir\\private\\ca.key.pem # CA private key |
|
18 RANDFILE = $dir\\private\\.rand # random number file |
|
19 |
|
20 default_days = 365 # how long to certify for |
|
21 default_crl_days= 30 # how long before next CRL |
|
22 default_md = md5 # md to use |
|
23 |
|
24 policy = ca_policy # our policy |
|
25 email_in_dn = no # Don't add the email into cert DN |
|
26 |
|
27 nameopt = default_ca # Subject name display option |
|
28 certopt = default_ca # Certificate display option |
|
29 copy_extensions = none # Don't copy extensions from request |
|
30 |
|
31 distinguished_name = root_ca_distinguished_name |
|
32 |
|
33 |
|
34 [ Root2 ] |
|
35 |
|
36 dir = Root2 |
|
37 database = $dir\\index.txt # index file. |
|
38 new_certs_dir = $dir\\certs # new certs dir |
|
39 |
|
40 certificate = $dir\\certs\\ca.pem # The CA cert |
|
41 serial = $dir\\serial # serial no file |
|
42 private_key = $dir\\private\\ca.key.pem # CA private key |
|
43 RANDFILE = $dir\\private\\.rand # random number file |
|
44 |
|
45 default_days = 365 # how long to certify for |
|
46 default_crl_days= 30 # how long before next CRL |
|
47 default_md = sha1 # md to use |
|
48 |
|
49 policy = ca_policy # our policy |
|
50 email_in_dn = no # Don't add the email into cert DN |
|
51 |
|
52 nameopt = default_ca # Subject name display option |
|
53 certopt = default_ca # Certificate display option |
|
54 copy_extensions = none # Don't copy extensions from request |
|
55 |
|
56 |
|
57 [ Root5] |
|
58 |
|
59 dir = Root5 |
|
60 database = $dir\\index.txt # index file. |
|
61 new_certs_dir = $dir\\certs # new certs dir |
|
62 |
|
63 certificate = $dir\\certs\\ca.pem # The CA cert |
|
64 serial = $dir\\serial # serial no file |
|
65 private_key = $dir\\private\\ca.key.pem # CA private key |
|
66 RANDFILE = $dir\\private\\.rand # random number file |
|
67 |
|
68 default_days = 365 # how long to certify for |
|
69 default_crl_days= 30 # how long before next CRL |
|
70 default_md = md5 # md to use |
|
71 |
|
72 policy = ca_policy # our policy |
|
73 email_in_dn = no # Don't add the email into cert DN |
|
74 |
|
75 nameopt = default_ca # Subject name display option |
|
76 certopt = default_ca # Certificate display option |
|
77 copy_extensions = none # Don't copy extensions from request |
|
78 |
|
79 |
|
80 [ Root5-Mid ] |
|
81 dir = Root5-Mid |
|
82 database = $dir\\index.txt # index file. |
|
83 new_certs_dir = $dir\\certs # new certs dir |
|
84 |
|
85 certificate = $dir\\certs\\Mid-R5.pem # The CA cert |
|
86 serial = $dir\\serial # serial no file |
|
87 private_key = $dir\\private\\Mid-R5.key.pem # CA private key |
|
88 RANDFILE = $dir\\private\\.rand # random number file |
|
89 |
|
90 default_days = 365 # how long to certify for |
|
91 default_crl_days= 30 # how long before next CRL |
|
92 default_md = md5 # md to use |
|
93 |
|
94 policy = ca_policy # our policy |
|
95 email_in_dn = no # Don't add the email into cert DN |
|
96 |
|
97 nameopt = default_ca # Subject name display option |
|
98 certopt = default_ca # Certificate display option |
|
99 copy_extensions = none # Don't copy extensions from request |
|
100 |
|
101 |
|
102 |
|
103 [ Root3-OCSP ] |
|
104 |
|
105 dir = Root3-OCSP |
|
106 database = $dir\\index.txt # index file. |
|
107 new_certs_dir = $dir\\certs # new certs dir |
|
108 |
|
109 certificate = $dir\\certs\\ca.pem # The CA cert |
|
110 serial = $dir\\serial # serial no file |
|
111 private_key = $dir\\private\\ca.key.pem # CA private key |
|
112 RANDFILE = $dir\\private\\.rand # random number file |
|
113 |
|
114 default_days = 365 # how long to certify for |
|
115 default_crl_days= 30 # how long before next CRL |
|
116 default_md = md5 # md to use |
|
117 |
|
118 policy = ca_policy # our policy |
|
119 email_in_dn = no # Don't add the email into cert DN |
|
120 |
|
121 nameopt = default_ca # Subject name display option |
|
122 certopt = default_ca # Certificate display option |
|
123 copy_extensions = none # Don't copy extensions from request |
|
124 |
|
125 |
|
126 [ Root1-OCSP ] |
|
127 |
|
128 dir = Root1-OCSP |
|
129 database = $dir\\index.txt # index file. |
|
130 new_certs_dir = $dir\\certs # new certs dir |
|
131 |
|
132 certificate = $dir\\certs\\ca.pem # The CA cert |
|
133 serial = $dir\\serial # serial no file |
|
134 private_key = $dir\\private\\ca.key.pem # CA private key |
|
135 RANDFILE = $dir\\private\\.rand # random number file |
|
136 |
|
137 default_days = 365 # how long to certify for |
|
138 default_crl_days= 30 # how long before next CRL |
|
139 default_md = md5 # md to use |
|
140 |
|
141 policy = ca_policy # our policy |
|
142 email_in_dn = no # Don't add the email into cert DN |
|
143 |
|
144 nameopt = default_ca # Subject name display option |
|
145 certopt = default_ca # Certificate display option |
|
146 copy_extensions = none |
|
147 |
|
148 |
|
149 [ Root2-OCSP ] |
|
150 |
|
151 dir = Root2-OCSP |
|
152 database = $dir\\index.txt # index file. |
|
153 new_certs_dir = $dir\\certs # new certs dir |
|
154 |
|
155 certificate = $dir\\certs\\ca.pem # The CA cert |
|
156 serial = $dir\\serial # serial no file |
|
157 private_key = $dir\\private\\ca.key.pem # CA private key |
|
158 RANDFILE = $dir\\private\\.rand # random number file |
|
159 |
|
160 default_days = 365 # how long to certify for |
|
161 default_crl_days= 30 # how long before next CRL |
|
162 default_md = md5 # md to use |
|
163 |
|
164 policy = ca_policy # our policy |
|
165 email_in_dn = no # Don't add the email into cert DN |
|
166 |
|
167 nameopt = default_ca # Subject name display option |
|
168 certopt = default_ca # Certificate display option |
|
169 copy_extensions = none |
|
170 |
|
171 [ Root5_Root_Ext ] |
|
172 keyUsage=critical,keyCertSign |
|
173 basicConstraints=critical,CA:TRUE, pathlen:5 |
|
174 subjectKeyIdentifier=hash |
|
175 |
|
176 [ Root5_Ext ] |
|
177 extendedKeyUsage=codeSigning |
|
178 certificatePolicies=1.2.826.0.1.1796587.1 |
|
179 |
|
180 [ Root5_Mid ] |
|
181 keyUsage=critical,keyCertSign |
|
182 basicConstraints=critical,CA:TRUE, pathlen:5 |
|
183 subjectKeyIdentifier=hash |
|
184 |
|
185 [ Root5_Mid_EE ] |
|
186 extendedKeyUsage=codeSigning |
|
187 certificatePolicies=1.2.826.0.1.1796587.1 |
|
188 basicConstraints=critical,CA:FALSE |
|
189 |
|
190 |
|
191 [ NoOCSP_Ext ] |
|
192 1.3.6.1.5.5.7.48.1.5=DER:0500 |
|
193 |
|
194 |
|
195 [ req ] |
|
196 distinguished_name = root_ca_distinguished_name |
|
197 |
|
198 [ ca_policy ] |
|
199 |
|
200 organizationName = supplied |
|
201 commonName = supplied |
|
202 |
|
203 |
|
204 [ root_ca_distinguished_name ] |
|
205 commonName = Symbian Software Ltd |
|
206 stateOrProvinceName = London |
|
207 countryName = UK |
|
208 emailAddress = Jeremy.Smithers@Symbian.com |
|
209 organizationName = Symbian Software Ltd |