Net-SSLeay-OO
view release on metacpan or search on metacpan
t/certs/ca-openssl.cnf view on Meta::CPAN
# Configuration file
RANDFILE = $ENV::HOME/.rnd
[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass
[ req_distinguished_name ]
C = NZ
ST = Test State or Province
L = Test Locality
O = Organization Name
OU = Organizational Unit Name
CN = Test CA
# if you set this, then the certificate doesn't self-verify..
#emailAddress = ca@example.com
[ req_attributes ]
challengePassword = A challenge password
[ ca ]
default_ca = test_ca
[ test_ca ]
dir = .
certs = $dir/.
crl_dir = $dir/.
database = $dir/index.txt
new_certs_dir = $dir/.
certificate = $dir/my-ca.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
#crl = $dir/crl.pem # The current CRL
private_key = $dir/ca-key.pem
RANDFILE = $dir/.rand
email_in_dn = no
x509_extensions = usr_cert
# thank-you, http://www.phildev.net/ssl/opensslconf.xhtml
copy_extensions = copy
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
#default_days = 365 # how long to certify for
#default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
#preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
#subjectAltName = optional
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true
#subjectAltName=email:move
[ usr_cert ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
nsComment = "SSL is over-complicated"
[ client_cert ]
nsCertType = client
[ server_cert ]
nsCertType = server
( run in 0.919 second using v1.01-cache-2.11-cpan-39bf76dae61 )