scripts/client-ca/tmp.cnf - platform/external/libwebsockets - Git at Google

 #
 # OpenSSL configuration file.
 #

 # Establish working directory.

 dir					= .

 [ ca ]
 default_ca				= CA_default

 [ CA_default ]
 serial					= $dir/serial
 database				= $dir/certindex.txt
 new_certs_dir				= $dir/certs
 certificate				= $dir/cacert.pem
 private_key				= $dir/private/cakey.pem
 default_days				= 365
 default_md				= sha256
 preserve				= no
 email_in_dn				= no
 nameopt					= default_ca
 certopt					= default_ca
 policy					= policy_match

 [ policy_match ]
 countryName				= match
 stateOrProvinceName			= match
 organizationName			= match
 organizationalUnitName			= optional
 commonName				= supplied
 emailAddress				= optional
 [ usr_cert ]
 [ server_cert ]
 [ req ]
 default_bits				= 4096			# Size of keys
 default_keyfile				= key.pem		# name of generated keys
 default_md				= sha256				# message digest algorithm
 string_mask				= nombstr		# permitted characters
 distinguished_name			= req_distinguished_name
 req_extensions				= v3_req

 [ req_distinguished_name ]
 # Variable name				Prompt string
 #-------------------------	  ----------------------------------
 0.organizationName			= Organization Name (company)
 organizationalUnitName			= Organizational Unit Name (department, division)
 emailAddress				= Email Address
 emailAddress_max			= 40
 localityName				= Locality Name (city, district)
 stateOrProvinceName			= State or Province Name (full name)
 countryName				= Country Name (2 letter code)
 countryName_min				= 2
 countryName_max				= 2
 commonName				= Common Name (hostname, IP, or your name)
 commonName_max				= 64

 # Default values for the above, for consistency and less typing.
 # Variable name				Value
 #------------------------	  ------------------------------
 0.organizationName_default		= libwebsockets-test
 localityName_default			= Xiaobitan
 stateOrProvinceName_default		= Taipei
 countryName_default			= TW
 emailAddress				= none@invalid

 [ v3_ca ]
 basicConstraints			= CA:TRUE
 subjectKeyIdentifier			= hash
 authorityKeyIdentifier			= keyid:always,issuer:always

 [ v3_req ]
 basicConstraints			= CA:FALSE
 subjectKeyIdentifier			= hash
	#
	# OpenSSL configuration file.
	#

	# Establish working directory.

	dir = .

	[ ca ]
	default_ca = CA_default

	[ CA_default ]
	serial = $dir/serial
	database = $dir/certindex.txt
	new_certs_dir = $dir/certs
	certificate = $dir/cacert.pem
	private_key = $dir/private/cakey.pem
	default_days = 365
	default_md = sha256
	preserve = no
	email_in_dn = no
	nameopt = default_ca
	certopt = default_ca
	policy = policy_match

	[ policy_match ]
	countryName = match
	stateOrProvinceName = match
	organizationName = match
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional
	[ usr_cert ]
	[ server_cert ]
	[ req ]
	default_bits = 4096 # Size of keys
	default_keyfile = key.pem # name of generated keys
	default_md = sha256 # message digest algorithm
	string_mask = nombstr # permitted characters
	distinguished_name = req_distinguished_name
	req_extensions = v3_req

	[ req_distinguished_name ]
	# Variable name Prompt string
	#------------------------- ----------------------------------
	0.organizationName = Organization Name (company)
	organizationalUnitName = Organizational Unit Name (department, division)
	emailAddress = Email Address
	emailAddress_max = 40
	localityName = Locality Name (city, district)
	stateOrProvinceName = State or Province Name (full name)
	countryName = Country Name (2 letter code)
	countryName_min = 2
	countryName_max = 2
	commonName = Common Name (hostname, IP, or your name)
	commonName_max = 64

	# Default values for the above, for consistency and less typing.
	# Variable name Value
	#------------------------ ------------------------------
	0.organizationName_default = libwebsockets-test
	localityName_default = Xiaobitan
	stateOrProvinceName_default = Taipei
	countryName_default = TW
	emailAddress = none@invalid

	[ v3_ca ]
	basicConstraints = CA:TRUE
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always,issuer:always

	[ v3_req ]
	basicConstraints = CA:FALSE
	subjectKeyIdentifier = hash