CertPathBuilder/selfIssued/openssl.cnf

1391N/A#
2362N/A# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
1391N/A# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1391N/A#
1391N/A# This code is free software; you can redistribute it and/or modify it
1391N/A# under the terms of the GNU General Public License version 2 only, as
2362N/A# published by the Free Software Foundation.  Oracle designates this
1391N/A# particular file as subject to the "Classpath" exception as provided
2362N/A# by Oracle in the LICENSE file that accompanied this code.
1391N/A#
1391N/A# This code is distributed in the hope that it will be useful, but WITHOUT
1391N/A# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1391N/A# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
1391N/A# version 2 for more details (a copy is included in the LICENSE file that
1391N/A# accompanied this code).
1391N/A#
1391N/A# You should have received a copy of the GNU General Public License version
1391N/A# 2 along with this work; if not, write to the Free Software Foundation,
1391N/A# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
1391N/A#
2362N/A# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A# or visit www.oracle.com if you need additional information or have any
2362N/A# questions.
1391N/A#
1391N/A
1391N/A#
1391N/A# OpenSSL configuration file.
1391N/A#
1391N/A
1391N/AHOME                = .
1391N/ARANDFILE            = $ENV::HOME/.rnd
1391N/A
1391N/A[ ca ]
1391N/Adefault_ca          = CA_default
1391N/A
1391N/A[ CA_default ]
1391N/Adir                 = ./top
1391N/Acerts               = $dir/certs
1391N/Acrl_dir             = $dir/crl
1391N/Adatabase            = $dir/index.txt
1391N/Aunique_subject      = no
1391N/Anew_certs_dir       = $dir/newcerts
1391N/Acertificate         = $dir/cacert.pem
1391N/Aserial              = $dir/serial
1391N/Acrlnumber           = $dir/crlnumber
1391N/Acrl                 = $dir/crl.pem
1391N/Aprivate_key         = $dir/private/cakey.pem
1391N/ARANDFILE            = $dir/private/.rand
1391N/Ax509_extensions     = v3_ca
1391N/A
1391N/Aname_opt            = ca_default
1391N/Acert_opt            = ca_default
1391N/A
1391N/Adefault_days        = 7650
1391N/Adefault_crl_days    = 30
1391N/Adefault_md          = sha1
1391N/Apreserve            = no
1391N/A
1391N/Apolicy              = policy_anything
1391N/A
1391N/A[ ca_top ]
1391N/Adir                 = ./root
1391N/Acerts               = $dir/certs
1391N/Acrl_dir             = $dir/crl
1391N/Adatabase            = $dir/index.txt
1391N/Aunique_subject      = no
1391N/Anew_certs_dir       = $dir/newcerts
1391N/Acertificate         = $dir/cacert.pem
1391N/Aserial              = $dir/serial
1391N/Acrlnumber           = $dir/crlnumber
1391N/Acrl                 = $dir/crl.pem
1391N/Aprivate_key         = $dir/private/cakey.pem
1391N/ARANDFILE            = $dir/private/.rand
1391N/A
1391N/Ax509_extensions     = v3_ca
1391N/A
1391N/Aname_opt            = ca_default
1391N/Acert_opt            = ca_default
1391N/A
1391N/Adefault_days        = 7650
1391N/Adefault_crl_days    = 30
1391N/Adefault_md          = sha1
1391N/Apreserve            = no
1391N/A
1391N/Apolicy              = policy_anything
1391N/A
1391N/A[ ca_subca ]
1391N/Adir                 = ./subca
1391N/Acerts               = $dir/certs
1391N/Acrl_dir             = $dir/crl
1391N/Adatabase            = $dir/index.txt
1391N/Aunique_subject      = no
1391N/Anew_certs_dir       = $dir/newcerts
1391N/A
1391N/Acertificate         = $dir/cacert.pem
1391N/Aserial              = $dir/serial
1391N/Acrlnumber           = $dir/crlnumber
1391N/Acrl                 = $dir/crl.pem
1391N/Aprivate_key         = $dir/private/cakey.pem
1391N/ARANDFILE            = $dir/private/.rand
1391N/A
1391N/Ax509_extensions     = usr_cert
1391N/A
1391N/Aname_opt            = ca_default
1391N/Acert_opt            = ca_default
1391N/A
1391N/Adefault_days        = 7650
1391N/Adefault_crl_days    = 30
1391N/Adefault_md          = sha1
1391N/Apreserve            = no
1391N/A
1391N/Apolicy              = policy_anything
1391N/A
1391N/A[ policy_match ]
1391N/AcountryName         = match
1391N/AstateOrProvinceName = match
1391N/AorganizationName    = match
1391N/AorganizationalUnitName  = optional
1391N/AcommonName          = supplied
1391N/AemailAddress        = optional
1391N/A
1391N/A[ policy_anything ]
1391N/AcountryName         = optional
1391N/AstateOrProvinceName = optional
1391N/AlocalityName        = optional
1391N/AorganizationName    = optional
1391N/AorganizationalUnitName  = optional
1391N/AcommonName          = supplied
1391N/AemailAddress        = optional
1391N/A
1391N/A[ req ]
1391N/Adefault_bits        = 1024
1391N/Adefault_keyfile     = privkey.pem
1391N/Adistinguished_name  = req_distinguished_name
1391N/Aattributes          = req_attributes
1391N/Ax509_extensions     = v3_ca
1391N/A
1391N/Astring_mask = nombstr
1391N/A
1391N/A[ req_distinguished_name ]
1391N/AcountryName         = Country Name (2 letter code)
1391N/AcountryName_default = NO
1391N/AcountryName_min     = 2
1391N/AcountryName_max     = 2
1391N/A
1391N/AstateOrProvinceName = State or Province Name (full name)
1391N/AstateOrProvinceName_default  = A-State
1391N/A
1391N/AlocalityName        = Locality Name (eg, city)
1391N/A
1391N/A0.organizationName  = Organization Name (eg, company)
1391N/A0.organizationName_default   = Internet Widgits Pty Ltd
1391N/A
1391N/AorganizationalUnitName       = Organizational Unit Name (eg, section)
1391N/A
1391N/AcommonName              = Common Name (eg, YOUR name)
1391N/AcommonName_max          = 64
1391N/A
1391N/AemailAddress            = Email Address
1391N/AemailAddress_max        = 64
1391N/A
1391N/A[ req_attributes ]
1391N/AchallengePassword       = A challenge password
1391N/AchallengePassword_min   = 4
1391N/AchallengePassword_max   = 20
1391N/AunstructuredName        = An optional company name
1391N/A
1391N/A[ usr_cert ]
1391N/AkeyUsage                = nonRepudiation, digitalSignature, keyEncipherment
1391N/A
1391N/AsubjectKeyIdentifier    = hash
1391N/AauthorityKeyIdentifier  = keyid,issuer
1391N/A
1391N/A[ v3_req ]
1391N/AbasicConstraints        = CA:FALSE
1391N/AkeyUsage                = nonRepudiation, digitalSignature, keyEncipherment
1391N/AsubjectAltName          = email:example@openjdk.net, RID:1.2.3.4:true
1391N/A
1391N/A[ v3_ca ]
1391N/AsubjectKeyIdentifier    = hash
1391N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1391N/AbasicConstraints        = critical,CA:true
1391N/AkeyUsage                = keyCertSign, cRLSign
1391N/A
1391N/A[ cert_issuer ]
1391N/AsubjectKeyIdentifier    = hash
1391N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1391N/AbasicConstraints        = critical,CA:true
1391N/AkeyUsage                = keyCertSign, cRLSign
1391N/A
1391N/A[ crl_issuer ]
1391N/AsubjectKeyIdentifier    = hash
1391N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1391N/AbasicConstraints        = critical,CA:true
1391N/AkeyUsage                = keyCertSign, cRLSign
1391N/A
1391N/A
1391N/A[ crl_ext ]
1391N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1391N/A
1391N/A[ ee_of_subca ]
1391N/AkeyUsage    = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
1391N/A
1391N/AsubjectKeyIdentifier    = hash
1391N/AauthorityKeyIdentifier  = keyid,issuer