etc/openssl/ca.cfg

   1         HOME        = .
   2         RANDFILE    = var/sec/x509/openssl.rand
   3         oid_section = extra_oids
   4 [ extra_oids ]
   5         # Pour EVSSL
   6         trustList       = 2.16.840.1.113730.1.900
   7         telephoneNumber = 2.5.4.20
   8         initials        = 2.5.4.43
   9         logotype        = 1.3.6.1.5.5.7.1.12
  10 [ req ]
  11         prompt             = no
  12         distinguished_name = root_distinguished_name
  13         string_mask        = pkix
  14 [ root_distinguished_name ]
  15         commonName             = $ENV::x509_host
  16         countryName            = $ENV::x509_country
  17         initials               = $ENV::x509_initials
  18         0.organizationName     = $ENV::x509_host
  19         organizationalUnitName = Anti-autorité de certification primaire
  20         postalCode             = $ENV::x509_postal_code
  21         stateOrProvinceName    = $ENV::x509_state_or_province
  22         streetAddress          = $ENV::x509_street_address
  23         telephoneNumber        = $ENV::x509_telephone_number
  24 [ root_extensions ]
  25         basicConstraints       = critical,CA:TRUE,pathlen:1
  26         keyUsage               = keyCertSign,cRLSign
  27         subjectAltName         = email:contact@$ENV::x509_host
  28         subjectKeyIdentifier   = hash
  29         issuerAltName          = issuer:copy
  30         authorityKeyIdentifier = keyid:always,issuer:always
  31         authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
  32         crlDistributionPoints  = URI:http://www.$ENV::x509_host/tls/crl.pem
  33         #certificatePolicies    = @root_certificate_policies
  34         #trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/tls/trust.etl
  35         #policyConstraints      =
  36         #extendedKeyUsage       =
  37         #inhibitAnyPolicy       =
  38         #nameConstraints        =
  39         #noCheck                =