38 lines
1.1 KiB
Text
38 lines
1.1 KiB
Text
[ ca ]
|
|
default_ca = devcert_ca
|
|
|
|
[ devcert_ca ]
|
|
# Serial file that counts up unique IDs for each cert issued
|
|
serial = <%= serialFile.replace(/\\/g, '\\\\') %>
|
|
# Database file that tracks all issued certs
|
|
database = <%= databaseFile.replace(/\\/g, '\\\\') %>
|
|
# Where to put the new cert
|
|
new_certs_dir = <%= domainDir.replace(/\\/g, '\\\\') %>
|
|
# Which algorithm to use
|
|
default_md = sha256
|
|
# Don't prompt the TTY for input, just use the config file values
|
|
prompt = no
|
|
# Interpret strings as utf8, not ASCII
|
|
utf8 = yes
|
|
# This specifies the configuration file section containing a list of extensions
|
|
# to add to the certificate request.
|
|
req_extensions = req_extensions
|
|
x509_extensions = domain_certificate_extensions
|
|
# How long is the domain cert good for
|
|
default_days = 7000
|
|
# What do CSRs need to supply?
|
|
policy = loose_policy
|
|
|
|
[ loose_policy ]
|
|
commonName = supplied
|
|
|
|
[ domain_certificate_extensions ]
|
|
basicConstraints = critical, CA:FALSE
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid,issuer:always
|
|
keyUsage = critical, digitalSignature, keyEncipherment
|
|
extendedKeyUsage = serverAuth
|
|
subjectAltName = @subject_alt_names
|
|
|
|
[ subject_alt_names ]
|
|
<%= subjectAltNames %>
|