[ ca ] default_ca = myca [ crl_ext ] issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always [ myca ] dir = ./certs/ new_certs_dir = $dir unique_subject = no certificate = $dir/test-ca-cert.pem database = $dir/certindex private_key = $dir/test-ca-key.pem serial = $dir/certserial default_days = 730 default_md = sha1 policy = myca_policy x509_extensions = myca_extensions crlnumber = $dir/crlnumber default_crl_days = 730 [ myca_policy ] commonName = supplied stateOrProvinceName = supplied countryName = optional emailAddress = optional organizationName = supplied organizationalUnitName = optional [ myca_extensions ] basicConstraints = critical,CA:TRUE keyUsage = critical,any subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign extendedKeyUsage = serverAuth crlDistributionPoints = @crl_section subjectAltName = @alt_names authorityInfoAccess = @ocsp_section [ v3_ca ] basicConstraints = critical,CA:TRUE,pathlen:0 keyUsage = critical,any subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign extendedKeyUsage = serverAuth crlDistributionPoints = @crl_section subjectAltName = @alt_names authorityInfoAccess = @ocsp_section [alt_names] DNS.0 = wgettesterr [crl_section] URI.0 = http://test.wgettest.org/Bogus.crl URI.1 = http://test.wgettest.org/Bogus.crl [ocsp_section] caIssuers;URI.0 = http://test.wgettest.com/Bogus.crt caIssuers;URI.1 = http://test.wgettest.com/Bogus.crt OCSP;URI.0 = http://test.wgettest.com/ocsp/ OCSP;URI.1 = http://test.wgettest.com/ocsp/