| # |
| # Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. |
| # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| # |
| # This code is free software; you can redistribute it and/or modify it |
| # under the terms of the GNU General Public License version 2 only, as |
| # published by the Free Software Foundation. Oracle designates this |
| # particular file as subject to the "Classpath" exception as provided |
| # by Oracle in the LICENSE file that accompanied this code. |
| # |
| # This code is distributed in the hope that it will be useful, but WITHOUT |
| # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| # version 2 for more details (a copy is included in the LICENSE file that |
| # accompanied this code). |
| # |
| # You should have received a copy of the GNU General Public License version |
| # 2 along with this work; if not, write to the Free Software Foundation, |
| # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| # |
| # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| # or visit www.oracle.com if you need additional information or have any |
| # questions. |
| # |
| |
| # |
| # OpenSSL configuration file. |
| # |
| |
| # Default (unnamed) section. HOME is defined here so that the $ENV::HOME |
| # expansion below still resolves when the HOME environment variable is |
| # unset; OpenSSL refuses to load a config that expands an undefined name. |
| HOME = . |
| # File used to read and write random-number seed data. With the fallback |
| # above it lands in the current working directory when HOME is not set. |
| RANDFILE = $ENV::HOME/.rnd |
| |
| # Entry point for the "openssl ca" command. |
| [ ca ] |
| # CA section used when "openssl ca" is run without -name. The ca_top and |
| # ca_subca sections in this file are only reached through -name. |
| default_ca = CA_default |
| |
| # Default CA profile, rooted at ./top. It signs with SHA-1, issues |
| # certificates valid for 7650 days and adds the v3_ca extensions (CA:true) |
| # to everything it signs. |
| # NOTE(review): these look like fixed test-fixture values; confirm before |
| # reusing this profile for a CA that anything real will trust. |
| [ CA_default ] |
| # All paths are relative to the directory openssl is started from. |
| dir = ./top |
| certs = $dir/certs |
| crl_dir = $dir/crl |
| database = $dir/index.txt |
| # "no" lets several valid certificates share one subject in index.txt. |
| unique_subject = no |
| new_certs_dir = $dir/newcerts |
| certificate = $dir/cacert.pem |
| serial = $dir/serial |
| # Next CRL number (hex); a CRL number is only emitted if this file exists. |
| crlnumber = $dir/crlnumber |
| crl = $dir/crl.pem |
| # CA signing key. Nothing here sets a passphrase or file mode; the |
| # private/ directory should be readable by the CA operator only. |
| private_key = $dir/private/cakey.pem |
| RANDFILE = $dir/private/.rand |
| # Extension section applied to every certificate signed by this profile. |
| # v3_ca sets basicConstraints CA:true, so each issued cert is itself a CA. |
| x509_extensions = v3_ca |
| |
| # Display format for the subject and certificate details shown at signing. |
| name_opt = ca_default |
| cert_opt = ca_default |
| |
| # Validity of issued certificates: 7650 days is roughly 21 years. |
| default_days = 7650 |
| # nextUpdate of generated CRLs is 30 days after issue. |
| default_crl_days = 30 |
| # SHA-1 is no longer collision-resistant and SHA-1-signed certificates are |
| # commonly rejected by current validators; keep it only where the consumer |
| # of these certificates needs a legacy digest, otherwise use sha256. |
| default_md = sha1 |
| # "no": subject DN fields are ordered as in the policy section, not as in |
| # the request. |
| preserve = no |
| |
| # policy_anything requires only commonName, so this CA places no |
| # constraint on the subject names it will sign. |
| policy = policy_anything |
| |
| # CA profile rooted at ./root, selected with "openssl ca -name ca_top". |
| # Apart from dir it carries the same values as CA_default: SHA-1 digest, |
| # 7650-day validity, v3_ca (CA:true) extensions on issued certificates. |
| # NOTE(review): presumably the top-level CA of a test chain; confirm |
| # against the script that drives this file. |
| [ ca_top ] |
| dir = ./root |
| certs = $dir/certs |
| crl_dir = $dir/crl |
| database = $dir/index.txt |
| # "no" lets several valid certificates share one subject in index.txt. |
| unique_subject = no |
| new_certs_dir = $dir/newcerts |
| certificate = $dir/cacert.pem |
| serial = $dir/serial |
| crlnumber = $dir/crlnumber |
| crl = $dir/crl.pem |
| # CA signing key; access control is left to filesystem permissions. |
| private_key = $dir/private/cakey.pem |
| RANDFILE = $dir/private/.rand |
| |
| # Certificates signed here get CA:true plus keyCertSign and cRLSign, with |
| # no pathlen limit (see v3_ca), so they can issue further CAs. |
| x509_extensions = v3_ca |
| |
| name_opt = ca_default |
| cert_opt = ca_default |
| |
| # Roughly 21 years of validity for every issued certificate. |
| default_days = 7650 |
| default_crl_days = 30 |
| # SHA-1 signatures are deprecated and commonly rejected by current |
| # validators; sha256 is the usual replacement where legacy is not needed. |
| default_md = sha1 |
| preserve = no |
| |
| # Only commonName is required by this policy; every other subject field |
| # is accepted as supplied or omitted. |
| policy = policy_anything |
| |
| # CA profile rooted at ./subca, selected with "openssl ca -name ca_subca". |
| # Unlike CA_default and ca_top it applies usr_cert, not v3_ca, to the |
| # certificates it signs. |
| # NOTE(review): presumably the intermediate CA that issues end-entity |
| # certificates; confirm against the script that drives this file. |
| [ ca_subca ] |
| dir = ./subca |
| certs = $dir/certs |
| crl_dir = $dir/crl |
| database = $dir/index.txt |
| # "no" lets several valid certificates share one subject in index.txt. |
| unique_subject = no |
| new_certs_dir = $dir/newcerts |
| |
| certificate = $dir/cacert.pem |
| serial = $dir/serial |
| crlnumber = $dir/crlnumber |
| crl = $dir/crl.pem |
| # CA signing key; access control is left to filesystem permissions. |
| private_key = $dir/private/cakey.pem |
| RANDFILE = $dir/private/.rand |
| |
| # usr_cert sets keyUsage and the key identifiers but no basicConstraints, |
| # so issued certificates carry no explicit CA:FALSE. |
| x509_extensions = usr_cert |
| |
| name_opt = ca_default |
| cert_opt = ca_default |
| |
| # Roughly 21 years of validity, also for end-entity certificates. |
| default_days = 7650 |
| default_crl_days = 30 |
| # SHA-1 signatures are deprecated and commonly rejected by current |
| # validators; sha256 is the usual replacement where legacy is not needed. |
| default_md = sha1 |
| preserve = no |
| |
| # Only commonName is required by this policy. |
| policy = policy_anything |
| |
| # Strict signing policy: "match" fields must equal the CA certificate's own |
| # value, "supplied" fields must be present, "optional" fields may be absent. |
| # No policy= key in this file points here; it only applies if chosen |
| # explicitly (e.g. with "openssl ca -policy policy_match"). |
| [ policy_match ] |
| countryName = match |
| stateOrProvinceName = match |
| organizationName = match |
| organizationalUnitName = optional |
| commonName = supplied |
| emailAddress = optional |
| |
| # Permissive signing policy used by CA_default, ca_top and ca_subca. |
| # Only commonName must be present; the CA does not check any subject |
| # field against its own name, so it signs whatever DN the request holds. |
| # Subject fields not listed here are dropped from the issued certificate. |
| [ policy_anything ] |
| countryName = optional |
| stateOrProvinceName = optional |
| localityName = optional |
| organizationName = optional |
| organizationalUnitName = optional |
| commonName = supplied |
| emailAddress = optional |
| |
| # Defaults for "openssl req" (key and certificate-request generation). |
| # No req_extensions key is set, so the v3_req section is not added to |
| # requests unless it is selected on the command line. |
| [ req ] |
| # Size of newly generated RSA keys. 1024 bits is below the 2048-bit |
| # minimum of current guidance (e.g. NIST SP 800-131A). |
| # NOTE(review): keep only if the consumers of these keys need it. |
| default_bits = 1024 |
| # Output file for a newly generated private key when -keyout is not given. |
| default_keyfile = privkey.pem |
| distinguished_name = req_distinguished_name |
| attributes = req_attributes |
| # Extensions for self-signed certificates made with "req -x509": v3_ca |
| # marks them CA:true with keyCertSign and cRLSign. |
| x509_extensions = v3_ca |
| |
| # nombstr: PrintableString and T61String only, no BMPString or UTF8String. |
| string_mask = nombstr |
| |
| # Subject-name prompts for "openssl req". For each field, NAME is the |
| # prompt text, NAME_default the value used on empty input, and NAME_min / |
| # NAME_max the accepted length in characters. |
| [ req_distinguished_name ] |
| countryName = Country Name (2 letter code) |
| # "NO" is a literal two-letter country value, not a boolean. |
| countryName_default = NO |
| countryName_min = 2 |
| countryName_max = 2 |
| |
| stateOrProvinceName = State or Province Name (full name) |
| stateOrProvinceName_default = A-State |
| |
| localityName = Locality Name (eg, city) |
| |
| # The "0." prefix is ignored by OpenSSL; it exists so that a field name |
| # can appear more than once in the section. |
| 0.organizationName = Organization Name (eg, company) |
| 0.organizationName_default = Internet Widgits Pty Ltd |
| |
| organizationalUnitName = Organizational Unit Name (eg, section) |
| |
| commonName = Common Name (eg, YOUR name) |
| commonName_max = 64 |
| |
| emailAddress = Email Address |
| emailAddress_max = 64 |
| |
| # Optional PKCS#10 request attributes prompted for by "openssl req". |
| # A challenge password is written into the request unencrypted, so anyone |
| # who can read the CSR can read it; OpenSSL's own signing tools ignore it. |
| [ req_attributes ] |
| challengePassword = A challenge password |
| challengePassword_min = 4 |
| challengePassword_max = 20 |
| unstructuredName = An optional company name |
| |
| # Extensions for certificates signed through ca_subca. |
| # There is no basicConstraints line, so issued certificates do not state |
| # CA:FALSE explicitly, and keyUsage is not marked critical. |
| [ usr_cert ] |
| keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
| |
| # Subject key id is a hash of the public key; authority key id copies the |
| # issuer's key id and falls back to issuer name and serial if it has none. |
| subjectKeyIdentifier = hash |
| authorityKeyIdentifier = keyid,issuer |
| |
| # Extension set for end-entity requests: explicit CA:FALSE plus a |
| # subjectAltName with an e-mail address and a registered ID. |
| # No key in this file references this section; presumably it is selected |
| # with -reqexts or -extensions by the calling script. TODO confirm. |
| [ v3_req ] |
| basicConstraints = CA:FALSE |
| keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
| # NOTE(review): RID normally takes a bare OID (RID:1.2.3.4); the trailing |
| # ":true" is not a documented form. Confirm that it parses as intended. |
| subjectAltName = email:example@openjdk.net, RID:1.2.3.4:true |
| |
| # CA certificate extensions. Referenced by CA_default, ca_top and req, so |
| # it applies both to self-signed roots and to certificates those CA |
| # profiles sign. |
| [ v3_ca ] |
| subjectKeyIdentifier = hash |
| # ":always" makes signing fail if the issuer key id or the issuer name and |
| # serial cannot be included. |
| authorityKeyIdentifier = keyid:always,issuer:always |
| # Critical CA flag with no pathlen, so the depth of the chain below a |
| # certificate carrying these extensions is unbounded. |
| basicConstraints = critical,CA:true |
| # Not marked critical; RFC 5280 says CAs SHOULD mark keyUsage critical. |
| keyUsage = keyCertSign, cRLSign |
| |
| # Extension set with the same values as v3_ca and crl_issuer. |
| # Despite the name it also grants cRLSign, so a certificate issued with |
| # this section may sign CRLs as well as certificates. |
| # No key in this file references it; presumably it is selected with |
| # -extensions by the calling script. TODO confirm. |
| [ cert_issuer ] |
| subjectKeyIdentifier = hash |
| authorityKeyIdentifier = keyid:always,issuer:always |
| basicConstraints = critical,CA:true |
| keyUsage = keyCertSign, cRLSign |
| |
| # Extension set with the same values as v3_ca and cert_issuer. |
| # Despite the name it is CA:true with keyCertSign, so a certificate issued |
| # with this section may sign certificates as well as CRLs. |
| # NOTE(review): if the intent is a CRL-only signer, keyUsage would be |
| # cRLSign alone; confirm what the consuming tests expect. |
| [ crl_issuer ] |
| subjectKeyIdentifier = hash |
| authorityKeyIdentifier = keyid:always,issuer:always |
| basicConstraints = critical,CA:true |
| keyUsage = keyCertSign, cRLSign |
| |
| |
| # CRL extensions: authority key identifier only. |
| # No CA section in this file sets crl_extensions, so this section takes |
| # effect only when selected explicitly (e.g. "openssl ca -crlexts |
| # crl_ext"); without any CRL extension section OpenSSL writes a V1 CRL. |
| [ crl_ext ] |
| authorityKeyIdentifier = keyid:always,issuer:always |
| |
| # End-entity extension set: the usr_cert values plus keyAgreement. |
| # There is no basicConstraints line, so CA:FALSE is not stated explicitly, |
| # and keyUsage is not marked critical. |
| # No key in this file references it; presumably it is selected with |
| # -extensions by the calling script. TODO confirm. |
| [ ee_of_subca ] |
| keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement |
| |
| subjectKeyIdentifier = hash |
| authorityKeyIdentifier = keyid,issuer |