# OpenSSL configuration for the `ca` command on the testserver.
# Paths are relative to the working directory; see `dir` in [ CA_default ].

# Fallback for $ENV::HOME below when HOME is not set in the environment.
HOME = ./tempCA
RANDFILE = $ENV::HOME/.rnd
# Section that declares the additional OIDs used by this file.
oid_section = new_oids

[ new_oids ]
# Referenced by policyIdentifier in the [ polsect ] section.
my_policy_oid = 1.3.6.1.4.1.18506.2.3.1

[ ca ]
# CA section used when none is named on the command line.
default_ca = CA_default

[ CA_default ]
# ./tempCA for development and test, /etc/ssl/CA for "testserver production".
dir = ./tempCA
# Where the issued certs are kept.
certs = $dir/certs
# Database index file.
database = $dir/index.txt
# Default place for new certs.
new_certs_dir = $dir/newcerts
# The CA certificate.
certificate = $dir/cacert.crt
# The current serial number.
serial = $dir/serial
# The private key.
# NOTE(review): the key sits directly in $dir, next to the public certificate,
# while RANDFILE below lives under $dir/private. Confirm the key file is
# readable only by the account that operates the CA.
private_key = $dir/cacert.pem
# Private random number file.
RANDFILE = $dir/private/.rand
# Message digest used for signing.
default_md = sha256
# Extension section added to every certificate this CA issues.
x509_extensions = class3_root
# Should not be used, but kept for completeness.
# NOTE(review): policy_anything marks every subject field optional, so no
# request is rejected because of its DN contents. Acceptable for a test CA
# only; a production profile should require and match the expected fields.
policy = policy_anything
# Where the issued CRLs are kept.
crl_dir = $dir/crl
# Where the current CRL number is stored (bug-1438).
crlnumber = $dir/crlnumber
# The current CRL.
crl = $dir/crl.pem
# How long to certify for, in days.
default_days = 180
# How long before the next CRL, in days.
default_crl_days = 30
# Whether to keep the DN ordering passed in the request.
preserve = no

[ class3_root ]
# Extensions for the testserver class 3 intermediate certificate.

# Marks the issued certificate as a CA certificate; essential.
# NOTE(review): no pathlen limit and no keyUsage extension are set in this
# section. RFC 5280 expects keyUsage (keyCertSign, cRLSign) in CA
# certificates; confirm this matches the production profile on purpose.
basicConstraints = critical, CA:true
# OCSP and issuer links point at the testserver.
authorityInfoAccess = OCSP;URI:http://ocsp.test.CAcert.org/,caIssuers;URI:http://test.CAcert.org/class3.crt
# Policies are the same as in the production system.
certificatePolicies = @polsect
# CRL is served by the testserver.
# NOTE(review): this URI is https while the AIA URIs above are http. RFC 5280
# cautions that fetching revocation data over https can make validation
# depend on itself; confirm relying parties cope with that.
crlDistributionPoints = URI:https://test.cacert.org/class3-revoke.crl
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ polsect ]
# The same policy as in the production environment.
CPS = "http://www.CAcert.org/cps.php"
# Resolved through [ new_oids ].
policyIdentifier = my_policy_oid

[ policy_anything ]
# Every listed field is optional; see the review note on `policy` above the
# crl_dir entry in [ CA_default ].
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
subjectAltName = optional