### Defaults.
RANDFILE = /dev/urandom
+db_suffix =
###--------------------------------------------------------------------------
### Certificate request configuration.
[req]
default_bits = 3072
encrypt_key = no
-default_md = sha1
+default_md = sha256
utf8 = yes
x509_extensions = ca-extensions
distinguished_name = req-dn
[distorted-ca]
default_days = 1825
-default_md = sha1
+default_md = sha256
unique_subject = no
email_in_dn = no
private_key = private/ca.key
certificate = ca.cert
-database = state/db
+database = state/db$ENV::db_suffix
serial = state/serial
crlnumber = state/crlnumber
-default_crl_days = 7
-new_certs_dir = tmp
+default_crl_hours = 28
x509_extensions = tls-server-extensions
crl_extensions = crl-extensions
policy = distorted-policy
countryName = supplied
stateOrProvinceName = optional
localityName = optional
-organizationName = match
+organizationName = supplied
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[crl-extensions]
issuerAltName = email:ca@distorted.org.uk
-crlDistributionPoints=URI:http://www.distorted.org.uk/ca/distorted.crl
+crlDistributionPoints = URI:http://www.distorted.org.uk/ca/crl
[ca-extensions]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign
subjectKeyIdentifier = hash
subjectAltName = email:ca@distorted.org.uk
-crlDistributionPoints=URI:http://www.distorted.org.uk/ca/distorted.crl
+crlDistributionPoints = URI:http://www.distorted.org.uk/ca/crl
[tls-server-extensions]
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
issuerAltName = issuer:copy
-crlDistributionPoints=URI:http://www.distorted.org.uk/ca/distorted.crl
+crlDistributionPoints = URI:http://www.distorted.org.uk/ca/crl
[tls-client-extensions]
basicConstraints = critical, CA:FALSE
authorityKeyIdentifier = keyid:always,issuer:always
issuerAltName = issuer:copy
subjectAltName = email:copy
-crlDistributionPoints=URI:http://www.distorted.org.uk/ca/distorted.crl
+crlDistributionPoints = URI:http://www.distorted.org.uk/ca/crl
###----- That's all, folks --------------------------------------------------