![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
#author("2025-05-21T07:16:54+00:00","default:iseki","iseki") * ca.conf <pre> [ ca ] default_ca = CA_default x509_extensions = usr_cert [ CA_default ] dir = /var/CA/netpCA certs = $dir/certs crl_dir = $dir/crl # CA_DB = new_certs_dir = $dir/newcerts certificate = $dir/cacert.pem serial = $dir/serial crl = $dir/crl/cacert.crl private_key = $dir/private/cakey.pem database = $dir/index.txt # RANDFILE = default_days = 365 # default_startdate = # default_enddate = default_crl_days = 365 # default_crl_hours = #default_md = md5 #default_md = sha256 default_md = sha512 # preserve = no policy = policy_match x509_extensions = x509v3_extensions # crl_extensions = # msie_hack = [ policy_match ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ usr_cert ] basicConstraints=CA:FALSE nsCertType = sslCA, emailCA, server, client, email, objsign # nsCertType = objsign # nsCertType = client, email # nsCertType = client, email, objsign # nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always [ x509v3_extensions ] subjectKeyIdentifier=hash basicConstraints = CA:true nsCertType = sslCA, emailCA, server, client, email, objsign </pre>
