ca.conf[edit]

[ ca ]
default_ca        = CA_default
x509_extensions   = usr_cert

[ CA_default ]
dir               = /var/CA/netpCA
certs             = $dir/certs
crl_dir           = $dir/crl
# CA_DB             =
new_certs_dir     = $dir/newcerts

certificate       = $dir/cacert.pem
serial            = $dir/serial
crl               = $dir/crl/cacert.crl
private_key       = $dir/private/cakey.pem
database          = $dir/index.txt
# RANDFILE          =

default_days      = 365
# default_startdate =
# default_enddate   =
default_crl_days  = 365
# default_crl_hours =
#default_md        = md5
#default_md        = sha256
default_md        = sha512
# preserve          = no
policy            = policy_match
x509_extensions   = x509v3_extensions
# crl_extensions    =
# msie_hack         =

[ policy_match ]
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ usr_cert ]
basicConstraints=CA:FALSE
nsCertType = sslCA, emailCA, server, client, email, objsign
# nsCertType = objsign
# nsCertType = client, email
# nsCertType = client, email, objsign
# nsComment                     = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

[ x509v3_extensions ]
subjectKeyIdentifier=hash
basicConstraints = CA:true
nsCertType = sslCA, emailCA, server, client, email, objsign
トップ   編集 凍結 差分 履歴 添付 複製 名前変更 リロード   新規 ページ一覧 検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2025-05-21 (水) 16:16:54