1 files changed, 55 insertions, 0 deletions
diff --git a/config_files/certificate-authority/config/create_root_cert.ini b/config_files/certificate-authority/config/create_root_cert.ini
new file mode 100644
index 0000000..3321dd4
--- /dev/null
+++ b/config_files/certificate-authority/config/create_root_cert.ini
@@ -0,0 +1,55 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+[ CA_default ]
+# Directory and file locations.
+dir               = /opt/certificate-authority
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha512
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_strict
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 4096
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+prompt              = no
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha512
+[ req_distinguished_name ]
+C                   = sg
+ST                  = hi
+O                   = hi
+OU                  = hi Certificate Authority
+CN                  = hi Root CA
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign

diff --git a/config_files/certificate-authority/config/create_root_cert.ini b/config_files/certificate-authority/config/create_root_cert.ini new file mode 100644 index 0000000..3321dd4 --- /dev/null +++ b/config_files/certificate-authority/config/create_root_cert.ini
@@ -0,0 +1,55 @@
	1	[ ca ]
	2	# `man ca`
	3	default_ca = CA_default
	4
	5	[ CA_default ]
	6	# Directory and file locations.
	7	dir = /opt/certificate-authority
	8	certs = $dir/certs
	9	crl_dir = $dir/crl
	10	new_certs_dir = $dir/newcerts
	11	database = $dir/index.txt
	12	serial = $dir/serial
	13
	14	# SHA-1 is deprecated, so use SHA-2 instead.
	15	default_md = sha512
	16
	17	name_opt = ca_default
	18	cert_opt = ca_default
	19	default_days = 375
	20	preserve = no
	21	policy = policy_strict
	22
	23	[ policy_strict ]
	24	# The root CA should only sign intermediate certificates that match.
	25	# See the POLICY FORMAT section of `man ca`.
	26	countryName = match
	27	stateOrProvinceName = match
	28	organizationName = match
	29	organizationalUnitName = optional
	30	commonName = supplied
	31	emailAddress = optional
	32
	33	[ req ]
	34	# Options for the `req` tool (`man req`).
	35	default_bits = 4096
	36	distinguished_name = req_distinguished_name
	37	string_mask = utf8only
	38	prompt = no
	39
	40	# SHA-1 is deprecated, so use SHA-2 instead.
	41	default_md = sha512
	42
	43	[ req_distinguished_name ]
	44	C = sg
	45	ST = hi
	46	O = hi
	47	OU = hi Certificate Authority
	48	CN = hi Root CA
	49
	50	[ v3_ca ]
	51	# Extensions for a typical CA (`man x509v3_config`).
	52	subjectKeyIdentifier = hash
	53	authorityKeyIdentifier = keyid:always,issuer
	54	basicConstraints = critical, CA:true
	55	keyUsage = critical, digitalSignature, cRLSign, keyCertSign