1*6777b538SAndroid Build Coastguard Worker# Defaults in the event they're not set in the environment 2*6777b538SAndroid Build Coastguard WorkerCA_DIR = out 3*6777b538SAndroid Build Coastguard WorkerKEY_SIZE = 2048 4*6777b538SAndroid Build Coastguard WorkerALGO = sha256 5*6777b538SAndroid Build Coastguard WorkerCERT_TYPE = root 6*6777b538SAndroid Build Coastguard WorkerCA_NAME = req_env_dn 7*6777b538SAndroid Build Coastguard Worker 8*6777b538SAndroid Build Coastguard Worker[ca] 9*6777b538SAndroid Build Coastguard Workerdefault_ca = CA_root 10*6777b538SAndroid Build Coastguard Workerpreserve = yes 11*6777b538SAndroid Build Coastguard Worker 12*6777b538SAndroid Build Coastguard Worker# The default test root, used to generate certificates and CRLs. 13*6777b538SAndroid Build Coastguard Worker[CA_root] 14*6777b538SAndroid Build Coastguard Workerdir = $ENV::CA_DIR 15*6777b538SAndroid Build Coastguard Workerkey_size = $ENV::KEY_SIZE 16*6777b538SAndroid Build Coastguard Workeralgo = $ENV::ALGO 17*6777b538SAndroid Build Coastguard Workercert_type = $ENV::CERT_TYPE 18*6777b538SAndroid Build Coastguard Workertype = $key_size-$algo-$cert_type 19*6777b538SAndroid Build Coastguard Workerdatabase = $dir/$type-index.txt 20*6777b538SAndroid Build Coastguard Workernew_certs_dir = $dir 21*6777b538SAndroid Build Coastguard Workerserial = $dir/$type-serial 22*6777b538SAndroid Build Coastguard Workercertificate = $dir/$type.pem 23*6777b538SAndroid Build Coastguard Workerprivate_key = $dir/$type.key 24*6777b538SAndroid Build Coastguard WorkerRANDFILE = $dir/.rand 25*6777b538SAndroid Build Coastguard Workerdefault_days = 3650 26*6777b538SAndroid Build Coastguard Workerdefault_crl_days = 30 27*6777b538SAndroid Build Coastguard Workerdefault_md = sha256 28*6777b538SAndroid Build Coastguard Workerpolicy = policy_anything 29*6777b538SAndroid Build Coastguard Workerunique_subject = no 30*6777b538SAndroid Build Coastguard Workercopy_extensions = copy 31*6777b538SAndroid Build Coastguard Worker 32*6777b538SAndroid Build Coastguard Worker[user_cert] 33*6777b538SAndroid Build Coastguard Worker# Extensions to add when signing a request for an EE cert 34*6777b538SAndroid Build Coastguard WorkerbasicConstraints = critical, CA:false 35*6777b538SAndroid Build Coastguard WorkersubjectKeyIdentifier = hash 36*6777b538SAndroid Build Coastguard WorkerauthorityKeyIdentifier = keyid:always 37*6777b538SAndroid Build Coastguard WorkerextendedKeyUsage = serverAuth,clientAuth 38*6777b538SAndroid Build Coastguard Worker 39*6777b538SAndroid Build Coastguard Worker[ca_cert] 40*6777b538SAndroid Build Coastguard Worker# Extensions to add when signing a request for an intermediate/CA cert 41*6777b538SAndroid Build Coastguard WorkerbasicConstraints = critical, CA:true 42*6777b538SAndroid Build Coastguard WorkersubjectKeyIdentifier = hash 43*6777b538SAndroid Build Coastguard WorkerkeyUsage = critical, keyCertSign, cRLSign 44*6777b538SAndroid Build Coastguard Worker 45*6777b538SAndroid Build Coastguard Worker[crl_extensions] 46*6777b538SAndroid Build Coastguard Worker# Extensions to add when signing a CRL 47*6777b538SAndroid Build Coastguard WorkerauthorityKeyIdentifier = keyid:always 48*6777b538SAndroid Build Coastguard Worker 49*6777b538SAndroid Build Coastguard Worker[policy_anything] 50*6777b538SAndroid Build Coastguard Worker# Default signing policy 51*6777b538SAndroid Build Coastguard WorkercountryName = optional 52*6777b538SAndroid Build Coastguard WorkerstateOrProvinceName = optional 53*6777b538SAndroid Build Coastguard WorkerlocalityName = optional 54*6777b538SAndroid Build Coastguard WorkerorganizationName = optional 55*6777b538SAndroid Build Coastguard WorkerorganizationalUnitName = optional 56*6777b538SAndroid Build Coastguard WorkercommonName = optional 57*6777b538SAndroid Build Coastguard WorkeremailAddress = optional 58*6777b538SAndroid Build Coastguard Worker 59*6777b538SAndroid Build Coastguard Worker[req] 60*6777b538SAndroid Build Coastguard Worker# The request section used to generate the root CA certificate. This should 61*6777b538SAndroid Build Coastguard Worker# not be used to generate end-entity certificates. For certificates other 62*6777b538SAndroid Build Coastguard Worker# than the root CA, see README to find the appropriate configuration file 63*6777b538SAndroid Build Coastguard Worker# (ie: openssl_cert.cnf). 64*6777b538SAndroid Build Coastguard Workerdefault_bits = $ENV::KEY_SIZE 65*6777b538SAndroid Build Coastguard Workerdefault_md = sha256 66*6777b538SAndroid Build Coastguard Workerstring_mask = utf8only 67*6777b538SAndroid Build Coastguard Workerprompt = no 68*6777b538SAndroid Build Coastguard Workerencrypt_key = no 69*6777b538SAndroid Build Coastguard Workerdistinguished_name = $ENV::CA_NAME 70*6777b538SAndroid Build Coastguard Workerx509_extensions = req_ca_exts 71*6777b538SAndroid Build Coastguard Worker 72*6777b538SAndroid Build Coastguard Worker[req_env_dn] 73*6777b538SAndroid Build Coastguard WorkerCN = QUIC Server Root CA 74*6777b538SAndroid Build Coastguard Worker 75*6777b538SAndroid Build Coastguard Worker[req_ca_exts] 76*6777b538SAndroid Build Coastguard WorkerbasicConstraints = critical, CA:true 77*6777b538SAndroid Build Coastguard WorkerkeyUsage = critical, keyCertSign, cRLSign 78*6777b538SAndroid Build Coastguard WorkersubjectKeyIdentifier = hash 79