1*6777b538SAndroid Build Coastguard WorkerCA_DIR = out 2*6777b538SAndroid Build Coastguard Worker 3*6777b538SAndroid Build Coastguard Worker[ca] 4*6777b538SAndroid Build Coastguard Workerdefault_ca = CA_root 5*6777b538SAndroid Build Coastguard Workerpreserve = yes 6*6777b538SAndroid Build Coastguard Worker 7*6777b538SAndroid Build Coastguard Worker# The default test root, used to generate certificates and CRLs. 8*6777b538SAndroid Build Coastguard Worker[CA_root] 9*6777b538SAndroid Build Coastguard Workerdir = ${ENV::CA_DIR} 10*6777b538SAndroid Build Coastguard Workerdatabase = ${dir}/${ENV::CERTIFICATE}-index.txt 11*6777b538SAndroid Build Coastguard Workernew_certs_dir = ${dir} 12*6777b538SAndroid Build Coastguard Workerserial = ${dir}/${ENV::CERTIFICATE}-serial 13*6777b538SAndroid Build Coastguard Workercertificate = ${dir}/${ENV::CERTIFICATE}.pem 14*6777b538SAndroid Build Coastguard Workerprivate_key = ${dir}/${ENV::CERTIFICATE}.key 15*6777b538SAndroid Build Coastguard WorkerRANDFILE = ${dir}/rand 16*6777b538SAndroid Build Coastguard Workerdefault_days = 3650 17*6777b538SAndroid Build Coastguard Workerdefault_crl_days = 30 18*6777b538SAndroid Build Coastguard Workerdefault_md = sha256 19*6777b538SAndroid Build Coastguard Workerpolicy = policy_anything 20*6777b538SAndroid Build Coastguard Workerunique_subject = no 21*6777b538SAndroid Build Coastguard Worker 22*6777b538SAndroid Build Coastguard Worker[user_cert] 23*6777b538SAndroid Build Coastguard Worker# Extensions to add when signing a request for an EE cert 24*6777b538SAndroid Build Coastguard WorkerbasicConstraints = critical, CA:false 25*6777b538SAndroid Build Coastguard WorkersubjectKeyIdentifier = hash 26*6777b538SAndroid Build Coastguard WorkerauthorityKeyIdentifier = keyid:always 27*6777b538SAndroid Build Coastguard WorkerextendedKeyUsage = serverAuth,clientAuth 28*6777b538SAndroid Build Coastguard WorkersubjectAltName = IP:127.0.0.1 29*6777b538SAndroid Build Coastguard Worker 30*6777b538SAndroid Build Coastguard Worker[ca_cert] 31*6777b538SAndroid Build Coastguard Worker# Extensions to add when signing a request for an intermediate/CA cert 32*6777b538SAndroid Build Coastguard WorkerbasicConstraints = critical, CA:true 33*6777b538SAndroid Build Coastguard WorkersubjectKeyIdentifier = hash 34*6777b538SAndroid Build Coastguard WorkerkeyUsage = critical, keyCertSign, cRLSign 35*6777b538SAndroid Build Coastguard Worker 36*6777b538SAndroid Build Coastguard Worker[ca_cert_with_aki] 37*6777b538SAndroid Build Coastguard Worker# Extensions to add when signing a request for an intermediate/CA cert 38*6777b538SAndroid Build Coastguard WorkerbasicConstraints = critical, CA:true 39*6777b538SAndroid Build Coastguard WorkersubjectKeyIdentifier = hash 40*6777b538SAndroid Build Coastguard WorkerauthorityKeyIdentifier = keyid:always 41*6777b538SAndroid Build Coastguard WorkerkeyUsage = critical, keyCertSign, cRLSign 42*6777b538SAndroid Build Coastguard Worker 43*6777b538SAndroid Build Coastguard Worker 44*6777b538SAndroid Build Coastguard Worker[crl_extensions] 45*6777b538SAndroid Build Coastguard Worker# Extensions to add when signing a CRL 46*6777b538SAndroid Build Coastguard WorkerauthorityKeyIdentifier = keyid:always 47*6777b538SAndroid Build Coastguard Worker 48*6777b538SAndroid Build Coastguard Worker[policy_anything] 49*6777b538SAndroid Build Coastguard Worker# Default signing policy 50*6777b538SAndroid Build Coastguard WorkercountryName = optional 51*6777b538SAndroid Build Coastguard WorkerstateOrProvinceName = optional 52*6777b538SAndroid Build Coastguard WorkerlocalityName = optional 53*6777b538SAndroid Build Coastguard WorkerorganizationName = optional 54*6777b538SAndroid Build Coastguard WorkerorganizationalUnitName = optional 55*6777b538SAndroid Build Coastguard WorkercommonName = optional 56*6777b538SAndroid Build Coastguard WorkeremailAddress = optional 57*6777b538SAndroid Build Coastguard Worker 58*6777b538SAndroid Build Coastguard Worker[req] 59*6777b538SAndroid Build Coastguard Worker# The request section used to generate certificate requests. 60*6777b538SAndroid Build Coastguard Workerdefault_bits = 2048 61*6777b538SAndroid Build Coastguard Workerdefault_md = sha256 62*6777b538SAndroid Build Coastguard Workerstring_mask = utf8only 63*6777b538SAndroid Build Coastguard Workerprompt = no 64*6777b538SAndroid Build Coastguard Workerencrypt_key = no 65*6777b538SAndroid Build Coastguard Workerdistinguished_name = req_env_dn 66*6777b538SAndroid Build Coastguard Worker 67*6777b538SAndroid Build Coastguard Worker[req_env_dn] 68*6777b538SAndroid Build Coastguard WorkerCN = ${ENV::CA_COMMON_NAME} 69