xref: /aosp_15_r20/external/grpc-grpc-java/testing/src/main/resources/certs/server1-openssl.cnf (revision e07d83d3ffcef9ecfc9f7f475418ec639ff0e5fe) 
1[req]
2distinguished_name  = req_distinguished_name
3req_extensions     = v3_req
4
5[req_distinguished_name]
6countryName           = Country Name (2 letter code)
7countryName_default   = US
8stateOrProvinceName   = State or Province Name (full name)
9stateOrProvinceName_default = Illinois
10localityName          = Locality Name (eg, city)
11localityName_default  = Chicago
12organizationName          = Organization Name (eg, company)
13organizationName_default  = Example, Co.
14commonName            = Common Name (eg, YOUR name)
15commonName_max        = 64
16
17####################################################################
18[ ca ]
19default_ca	= CA_default		# The default ca section
20
21####################################################################
22[ CA_default ]
23
24dir		= . # Where everything is kept
25certs		= $dir # Where the issued certs are kept
26crl_dir		= $dir		# Where the issued crl are kept
27database	= $dir/index.txt	# database index file.
28#unique_subject	= no			# Set to 'no' to allow creation of
29					# several ctificates with same subject.
30new_certs_dir	= $dir		# default place for new certs.
31
32certificate	= $dir/ca.pem 	# The CA certificate
33serial		= $dir/serial 		# The current serial number
34crlnumber	= $dir/crlnumber	# the current crl number
35					# must be commented out to leave a V1 CRL
36crl		= $dir/crl.pem 		# The current CRL
37private_key	= $dir/private/cakey.pem# The private key
38RANDFILE	= $dir/private/.rand	# private random number file
39
40x509_extensions	= usr_cert		# The extentions to add to the cert
41
42# Comment out the following two lines for the "traditional"
43# (and highly broken) format.
44name_opt 	= ca_default		# Subject Name options
45cert_opt 	= ca_default		# Certificate field options
46
47# Extension copying option: use with caution.
48# copy_extensions = copy
49
50# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
51# so this is commented out by default to leave a V1 CRL.
52# crlnumber must also be commented out to leave a V1 CRL.
53# crl_extensions	= crl_ext
54
55default_days	= 365			# how long to certify for
56default_crl_days= 30			# how long before next CRL
57default_md	= default		# use public key default MD
58preserve	= no			# keep passed DN ordering
59
60# A few difference way of specifying how similar the request should look
61# For type CA, the listed attributes must be the same, and the optional
62# and supplied fields are just that :-)
63policy		= policy_anything
64[ policy_anything ]
65countryName		= optional
66stateOrProvinceName	= optional
67localityName		= optional
68organizationName	= optional
69organizationalUnitName	= optional
70commonName		= supplied
71emailAddress		= optional
72
73[v3_req]
74basicConstraints = CA:FALSE
75keyUsage = nonRepudiation, digitalSignature, keyEncipherment
76subjectAltName = @alt_names
77
78[alt_names]
79DNS.1 = *.test.google.fr
80DNS.2 = waterzooi.test.google.be
81DNS.3 = *.test.youtube.com
82IP.1 = "192.168.1.3"
83