+++ /dev/null
- HOME = .
- RANDFILE = var/sec/x509/openssl.rand
- oid_section = extra_oids
-[ extra_oids ]
- # Pour EVSSL
- trustList = 2.16.840.1.113730.1.900
- telephoneNumber = 2.5.4.20
- initials = 2.5.4.43
- logotype = 1.3.6.1.5.5.7.1.12
-[ req ]
- prompt = no
- distinguished_name = root_distinguished_name
- string_mask = pkix
-[ root_distinguished_name ]
- commonName = $ENV::x509_host
- countryName = $ENV::x509_country
- initials = $ENV::x509_initials
- 0.organizationName = $ENV::x509_host
- organizationalUnitName = Anti-autorité de certification primaire
- postalCode = $ENV::x509_postal_code
- stateOrProvinceName = $ENV::x509_state_or_province
- streetAddress = $ENV::x509_street_address
- telephoneNumber = $ENV::x509_telephone_number
-[ root_extensions ]
- basicConstraints = critical,CA:TRUE,pathlen:1
- keyUsage = keyCertSign,cRLSign
- subjectAltName = email:contact@$ENV::x509_host
- subjectKeyIdentifier = hash
- issuerAltName = issuer:copy
- authorityKeyIdentifier = keyid:always,issuer:always
- authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
- crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/crl.pem
- #certificatePolicies = @root_certificate_policies
- #trustList = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
- #policyConstraints =
- #extendedKeyUsage =
- #inhibitAnyPolicy =
- #nameConstraints =
- #noCheck =