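# OpenSSL configuration for the RootCA certificate authority.
# '#' starts a comment; $name references are expanded by OpenSSL from the
# same section.

[ ca ]
# The default CA section
default_ca = RootCA

[ RootCA ]
# Where everything is kept
dir = .
# Where the issued certs are kept
certs = $dir/certs
# Where the issued CRLs are kept
crl_dir = $dir/crl
# Database index file
database = $dir/index.txt
# Default place for new certs
new_certs_dir = $dir/newcerts
# The current serial number
serial = $dir/serial
# The current CRL
crl = $dir/crl.pem
# Private random number file
RANDFILE = $dir/private/.rand

# Set to 'no' to allow creation of several certificates with the same subject
unique_subject = no
email_in_dn = yes

# NOTE(review): no [ policy_match ] section is visible in this part of the
# file; confirm it is defined elsewhere, since the policy key refers to it.
policy = policy_match

# The extensions to add to the cert
x509_extensions = ca_cert

# CA certificate and private key. These keys were assigned twice; OpenSSL keeps
# only the last assignment of a repeated key, so the values below were already
# the effective ones and the overridden entries ($dir/cacert.pem and
# $dir/private/cakey.pem) have been dropped.
# The key sits directly in $dir rather than under $dir/private: keep the file
# readable by the CA operator only.
certificate = $dir/RootCA.cert.pem
private_key = $dir/RootCA.key.pem

# How long to certify for (days)
default_days = 365
# How long before the next CRL (days)
default_crl_days = 30
# Signature digest. sha256 replaces sha1: SHA-1 is no longer collision
# resistant and SHA-1 signed certificates are rejected by current verifiers.
default_md = sha256

[ req_distinguished_name ]
countryName = Land (2stelliger Code)
countryName_default = AT
countryName_min = 2
countryName_max = 2

stateOrProvinceName = Bundesstaat
stateOrProvinceName_default = Provinz

localityName = Stadt
localityName_default = Stadt

0.organizationName = Firma
0.organizationName_default = Firma

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

#organizationalUnitName = Abteilung
#organizationalUnitName_default =

commonName = Common Name
commonName_max = 64
commonName_default = Root CA

emailAddress = eMail Adresse
emailAddress_max = 64

[ req ]
distinguished_name = req_distinguished_name

[ ca_cert ]
# Extension section named by x509_extensions in [ RootCA ].
# NOTE(review): these extensions mark the certificate as a CA with no pathlen
# limit. If end-entity certificates are also signed with this file, they need
# their own extension section without CA:true; confirm intent.
# basicConstraints is marked critical, as RFC 5280 requires for CA certificates.
basicConstraints = critical,CA:true
nsComment = "OpenSSL Generated Certificate with AdditionalPublicKey"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# NOTE(review): no keyUsage is set. CA certificates normally carry
# keyUsage = critical, keyCertSign, cRLSign; add it unless something depends
# on its absence.

[ new_oids ]
# NOTE(review): OpenSSL loads this section only when the default (unnamed)
# section sets oid_section = new_oids; no such line is visible here, confirm.
akd = 1.3.6.1.4.1.18506.7

[extensions]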