User Guide

Table Of Contents

Administrator Console 4 - 25

# The default root certificate generation policy.

[ req ]

default_bits = 2048

default_keyfile = ./private/cakey.pem

default_md = sha1

prompt = no

distinguished_name = root_ca_distinguished_name

x509_extensions = v3_ca

# Root Certificate Authority distinguished name. Change these fields to match

# your local environment!

[ root_ca_distinguished_name ]

commonName = XYZ Root Certification Authority

stateOrProvinceName = IL

countryName = US

emailAddress = ca@xyz.com

organizationName = XYZ

organizationalUnitName = ABC Dept

[ root_ca_extensions ]

basicConstraints = CA:true

[ v3_req ]

basicConstraints = CA:FALSE

keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]

basicConstraints = critical, CA:true, pathlen:0

nsCertType = sslCA

keyUsage = cRLSign, keyCertSign

extendedKeyUsage = serverAuth, clientAuth

nsComment = "CA Certificate"

[ ssl_client_server ]

basicConstraints = CA:FALSE

nsCertType = server, client

Draft 2