mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-12-01 09:46:09 +03:00
79 lines
2.2 KiB
Plaintext
79 lines
2.2 KiB
Plaintext
|
# Defaults in the event they're not set in the environment
|
||
|
CA_DIR = out
|
||
|
KEY_SIZE = 2048
|
||
|
ALGO = sha256
|
||
|
CERT_TYPE = root
|
||
|
CA_NAME = req_env_dn
|
||
|
|
||
|
[ca]
|
||
|
default_ca = CA_root
|
||
|
preserve = yes
|
||
|
|
||
|
# The default test root, used to generate certificates and CRLs.
|
||
|
[CA_root]
|
||
|
dir = $ENV::CA_DIR
|
||
|
key_size = $ENV::KEY_SIZE
|
||
|
algo = $ENV::ALGO
|
||
|
cert_type = $ENV::CERT_TYPE
|
||
|
type = $key_size-$algo-$cert_type
|
||
|
database = $dir/$type-index.txt
|
||
|
new_certs_dir = $dir
|
||
|
serial = $dir/$type-serial
|
||
|
certificate = $dir/$type.pem
|
||
|
private_key = $dir/$type.key
|
||
|
RANDFILE = $dir/.rand
|
||
|
default_days = 3650
|
||
|
default_crl_days = 30
|
||
|
default_md = sha256
|
||
|
policy = policy_anything
|
||
|
unique_subject = no
|
||
|
copy_extensions = copy
|
||
|
|
||
|
[user_cert]
|
||
|
# Extensions to add when signing a request for an EE cert
|
||
|
basicConstraints = critical, CA:false
|
||
|
subjectKeyIdentifier = hash
|
||
|
authorityKeyIdentifier = keyid:always
|
||
|
extendedKeyUsage = serverAuth,clientAuth
|
||
|
|
||
|
[ca_cert]
|
||
|
# Extensions to add when signing a request for an intermediate/CA cert
|
||
|
basicConstraints = critical, CA:true
|
||
|
subjectKeyIdentifier = hash
|
||
|
keyUsage = critical, keyCertSign, cRLSign
|
||
|
|
||
|
[crl_extensions]
|
||
|
# Extensions to add when signing a CRL
|
||
|
authorityKeyIdentifier = keyid:always
|
||
|
|
||
|
[policy_anything]
|
||
|
# Default signing policy
|
||
|
countryName = optional
|
||
|
stateOrProvinceName = optional
|
||
|
localityName = optional
|
||
|
organizationName = optional
|
||
|
organizationalUnitName = optional
|
||
|
commonName = optional
|
||
|
emailAddress = optional
|
||
|
|
||
|
[req]
|
||
|
# The request section used to generate the root CA certificate. This should
|
||
|
# not be used to generate end-entity certificates. For certificates other
|
||
|
# than the root CA, see README to find the appropriate configuration file
|
||
|
# (ie: openssl_cert.cnf).
|
||
|
default_bits = $ENV::KEY_SIZE
|
||
|
default_md = sha256
|
||
|
string_mask = utf8only
|
||
|
prompt = no
|
||
|
encrypt_key = no
|
||
|
distinguished_name = $ENV::CA_NAME
|
||
|
x509_extensions = req_ca_exts
|
||
|
|
||
|
[req_env_dn]
|
||
|
CN = QUIC Server Root CA
|
||
|
|
||
|
[req_ca_exts]
|
||
|
basicConstraints = critical, CA:true
|
||
|
keyUsage = critical, keyCertSign, cRLSign
|
||
|
subjectKeyIdentifier = hash
|