foreverzmy · August 15, 2024 01:02
diff --git a/simple-intermediate-ca-cnf b/simple-intermediate-ca-cnf
 # OpenSSL Intermediate CA configuration file.
 # Copy to `./root/intermediate.cnf`.

 [ ca ]
 # `man ca`
 default_ca = CA_default

 [ CA_default ]
 # Directory and file locations.
 dir               = ./intermediate
 new_certs_dir     = $dir
 database          = $dir/index.txt
 serial            = $dir/serial

 # The root key and root certificate.
 private_key       = $dir/intermediate.key.pem
 certificate       = $dir/intermediate.cert.pem

 policy            = policy_strict

 [ policy_strict ]
 # The root CA should only sign intermediate certificates that match.
 # See the POLICY FORMAT section of `man ca`.
 countryName             = match
 stateOrProvinceName     = match
 organizationName        = match
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional

 [ req ]
 # Options for the `req` tool (`man req`).
 default_bits        = 2048
 distinguished_name  = req_distinguished_name
 string_mask         = utf8only


 [ req_distinguished_name ]
 # See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 0.organizationName              = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address

 [ server_cert ]
 # Extensions for server certificates (`man x509v3_config`).
 basicConstraints = CA:FALSE
 nsCertType = server
 nsComment = "OpenSSL Generated Server Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth
	# OpenSSL Intermediate CA configuration file.
	# Copy to `./root/intermediate.cnf`.

	[ ca ]
	# `man ca`
	default_ca = CA_default

	[ CA_default ]
	# Directory and file locations.
	dir = ./intermediate
	new_certs_dir = $dir
	database = $dir/index.txt
	serial = $dir/serial

	# The root key and root certificate.
	private_key = $dir/intermediate.key.pem
	certificate = $dir/intermediate.cert.pem

	policy = policy_strict

	[ policy_strict ]
	# The root CA should only sign intermediate certificates that match.
	# See the POLICY FORMAT section of `man ca`.
	countryName = match
	stateOrProvinceName = match
	organizationName = match
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	[ req ]
	# Options for the `req` tool (`man req`).
	default_bits = 2048
	distinguished_name = req_distinguished_name
	string_mask = utf8only


	[ req_distinguished_name ]
	# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
	countryName = Country Name (2 letter code)
	stateOrProvinceName = State or Province Name
	localityName = Locality Name
	0.organizationName = Organization Name
	organizationalUnitName = Organizational Unit Name
	commonName = Common Name
	emailAddress = Email Address

	[ server_cert ]
	# Extensions for server certificates (`man x509v3_config`).
	basicConstraints = CA:FALSE
	nsCertType = server
	nsComment = "OpenSSL Generated Server Certificate"
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid,issuer:always
	keyUsage = critical, digitalSignature, keyEncipherment
	extendedKeyUsage = serverAuth