Shellpki is a very tiny and easy PKI in command lines.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

59 lines
1.8 KiB

  1. [ ca ]
  2. default_ca = CA_default
  3. [ CA_default ]
  4. dir = /etc/shellpki
  5. certs = $dir/certs
  6. new_certs_dir = $dir/tmp
  7. database = $dir/index.txt
  8. certificate = $dir/cacert.pem
  9. serial = $dir/serial
  10. crl = $dir/crl.pem
  11. private_key = $dir/cakey.key
  12. RANDFILE = $dir/.rand
  13. default_days = 365
  14. default_crl_days= 365
  15. default_md = sha256
  16. preserve = no
  17. policy = policy_match
  18. [ policy_match ]
  19. countryName = supplied
  20. stateOrProvinceName = supplied
  21. organizationName = supplied
  22. organizationalUnitName = optional
  23. commonName = supplied
  24. emailAddress = supplied
  25. [ req ]
  26. default_bits = 2048
  27. distinguished_name = req_distinguished_name
  28. [ v3_ca ]
  29. subjectKeyIdentifier=hash
  30. authorityKeyIdentifier=keyid:always,issuer:always
  31. basicConstraints = CA:true
  32. [ v3_ocsp ]
  33. basicConstraints = CA:FALSE
  34. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  35. extendedKeyUsage = OCSPSigning
  36. [ req_distinguished_name ]
  37. countryName = Country Name (2 letter code)
  38. countryName_default = FR
  39. countryName_min = 2
  40. countryName_max = 2
  41. stateOrProvinceName = State or Province
  42. stateOrProvinceName_default = 13
  43. localityName = Locality Name (eg, city)
  44. localityName_default = Marseille
  45. 0.organizationName = Organization Name (eg, company)
  46. 0.organizationName_default = Evolix
  47. organizationalUnitName = Organizational Unit Name (eg, section)
  48. commonName = Common Name (eg, your name or your server\'s hostname)
  49. commonName_max = 64
  50. emailAddress = Email Address
  51. emailAddress_default = security@evolix.net
  52. emailAddress_max = 40