dir = . [ ca ] default_ca = CA_default [ CA_default ] serial = $dir/serial database = $dir/certindex.txt new_certs_dir = $dir/certs certificate = $dir/cacert.pem private_key = $dir/private/cakey.pem default_days = 365 default_md = md5 preserve = no email_in_dn = no nameopt = default_ca certopt = default_ca policy = policy_match [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 1024 # Size of keys default_keyfile = key.pem # name of generated keys default_md = md5 # message digest algorithm string_mask = nombstr # permitted characters distinguished_name = req_distinguished_name req_extensions = v3_req [ req_distinguished_name ] # Variable name Prompt string #------------------------- ---------------------------------- 0.organizationName = University of Salerno organizationalUnitName = Department of Computer Science emailAddress = Email Address emailAddress_max = 40 localityName = Fisciano stateOrProvinceName = Italy countryName = IT countryName_min = 2 countryName_max = 2 commonName = TSA del corso di Sicurezza 2016/2017 commonName_max = 64 # Default values for the above, for consistency and less typing. # Variable name Value #------------------------ ------------------------------ 0.organizationName_default = University of Salerno localityName_default = Fisciano stateOrProvinceName_default = Italy countryName_default = IT [ v3_ca ] basicConstraints = CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always [v3_tsa] basicConstraints=CA:FALSE subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer keyUsage = nonRepudiation,digitalSignature extendedKeyUsage = critical,timeStamping [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash [ tsa ] default_tsa = tsa_config1 # the default TSA section [ tsa_config1 ] # These are used by the TSA reply generation only. dir = . serial = $dir/tsaserial crypto_device = builtin signer_cert = $dir/tsacert.pem signer_key = $dir/private/tsakey.pem default_policy = 1.2.3.4 #other_policies = tsa_policy2, tsa_policy3 digests = md5, sha1