Openssl.cnf

# RANDFILE               = .rnd [ ca ] default_ca     = CA_default            # The default ca section [ CA_default ] dir            = demoCA                # Where everything is kept certs          = $dir\certs            # Where the issued certs are kept crl_dir        = $dir\crl              # Where the issued crl are kept database       = $dir\index.txt        # database index file. new_certs_dir  = $dir\newcerts         # default place for new certs. certificate    = $dir\cacert.pem          # The CA certificate serial         = $dir\serial              # The current serial number crl            = $dir\crl.pem             # The current CRL private_key    = $dir\private\cakey.pem   # The private key RANDFILE       = $dir\private\private.rnd # private random number file x509_extensions = x509v3_extensions    # The extentions to add to the cert default_days   = 365                   # how long to certify for default_crl_days= 30                   # how long before next CRL default_md     = md5                   # which md to use. preserve       = no                    # keep passed DN ordering policy         = policy_match [ policy_match ] countryName            = optional stateOrProvinceName    = optional organizationName       = optional organizationalUnitName = optional commonName             = supplied emailAddress           = optional [ policy_anything ] countryName            = optional stateOrProvinceName    = optional localityName           = optional organizationName       = optional organizationalUnitName = optional commonName             = supplied emailAddress           = optional [ req ] default_bits           = 1024 default_keyfile        = privkey.pem distinguished_name     = req_distinguished_name attributes             = req_attributes [ req_distinguished_name ] countryName                    = Country Name (2 letter code) countryName_min                = 2 countryName_max                = 2 stateOrProvinceName            = State or Province Name (full name) localityName                   = Locality Name (eg, city) 0.organizationName             = Organization Name (eg, company) organizationalUnitName         = Organizational Unit Name (eg, section) commonName                     = Common Name (eg, your website's domain name) commonName_max                 = 64 emailAddress                   = Email Address emailAddress_max               = 40 [ req_attributes ] challengePassword              = A challenge password challengePassword_min          = 4 challengePassword_max          = 20 [ x509v3_extensions ] nsCertType                     = 0x40
 * 1) SSLeay example configuration file.
 * 2) This is mostly being used for generation of certificate requests.
 * 1) This is mostly being used for generation of certificate requests.
 * 1) A few difference way of specifying how similar the request should look
 * 2) For type CA, the listed attributes must be the same, and the optional
 * 3) and supplied fields are just that :-)
 * 1) For the CA policy
 * 1) For the 'anything' policy
 * 2) At this point in time, you must list all acceptable 'object'
 * 3) types.
 * 1) under ASN.1, the 0 bit would be encoded as 80
 * 1) nsBaseUrl
 * 2) nsRevocationUrl
 * 3) nsRenewalUrl
 * 4) nsCaPolicyUrl
 * 5) nsSslServerName
 * 6) nsCertSequence
 * 7) nsCertExt
 * 8) nsDataType