Creating new User CA private key and certificate "@{name}" ...
Creating new Server CA private key and certificate "@{name}" ...
Creating new Root CA private key and certificate "@{name}" ...
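# Signing configuration template for `openssl ca`.
# The @{...} tokens are template placeholders; presumably they are substituted
# before openssl reads the file.
[ ca ]
default_ca = default_CA
[ default_CA ]
# dir is left empty; the database and serial paths below are relative paths.
dir =
# Index of issued certificates and the file holding the next serial number.
database = db.index
serial = db.serial
RANDFILE = random-bits
# Signature digest for issued certificates. SHA-256 replaces MD5: MD5 is
# collision-prone, which permits forged certificates, and current validators
# reject MD5-signed certificates.
default_md = sha256
# no: subject DN fields are ordered by the policy section, not by the request.
preserve = no
x509_extensions = server_cert
policy = policy_anything
# Validity period of issued certificates, in days.
default_days = @{days}
[ policy_anything ]
# Only commonName is required. Every other DN field is optional and is taken
# from the request as supplied; none is matched against the CA's own DN, so
# requests must be vetted before they are signed.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ server_cert ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# NOTE(review): neither keyUsage nor extendedKeyUsage is set in this section,
# so issued certificates carry no usage restriction from here. Confirm whether
# that is intended before enabling or replacing the line below.
#extendedKeyUsage = serverAuth,clientAuth,msSGC,nsSGC
# CA:true allows the issued certificate to sign further certificates; the
# value comes from the template placeholder.
basicConstraints = critical,CA:@{is-ca}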
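# Request configuration template for `openssl req` (CA / server certificates).
# The @{...} tokens are template placeholders; presumably they are substituted
# before openssl reads the file.
[ req ]
# RSA key size in bits when `openssl req` generates the key itself.
# Raised from 1024: 1024-bit RSA is below current minimums and is refused by
# current TLS stacks and CAs.
default_bits = 2048
distinguished_name = req_distinguished_name
# Extensions applied when a self-signed certificate is produced.
x509_extensions = v3_ca
# nombstr: DN strings are limited to PrintableString/T61String
# (no BMPString or UTF8String).
string_mask = nombstr
# Extensions placed in the certificate request.
req_extensions = v3_req
[ req_distinguished_name ]
# Each field has a prompt text and a *_default filled from the template.
countryName = Country Name (2 letter code)
countryName_default = @{country}
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = @{state}
localityName = Locality Name (eg, city)
localityName_default = @{city}
0.organizationName = Organization Name (eg, company)
0.organizationName_default = @{company}
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = @{department}
commonName = Common Name (eg, MD CA)
commonName_default = @{name}
commonName_max = 64
emailAddress = Email Address
emailAddress_default = @{email}
emailAddress_max = 40
[ v3_ca ]
# CA:true allows the certificate to sign further certificates; the value
# comes from the template placeholder.
basicConstraints = critical,CA:@{is-ca}
subjectKeyIdentifier = hash
[ v3_req ]
# NOTE(review): nsCertType is the obsolete Netscape extension; current
# validators rely on keyUsage/extendedKeyUsage, which this template does not set.
nsCertType = objsign,server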
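# Request configuration template for `openssl req` (end-user certificates).
# The @{...} tokens are template placeholders; presumably they are substituted
# before openssl reads the file.
[ req ]
# RSA key size in bits when `openssl req` generates the key itself.
# Raised from 1024: 1024-bit RSA is below current minimums and is refused by
# current TLS stacks and CAs.
default_bits = 2048
distinguished_name = req_distinguished_name
# nombstr: DN strings are limited to PrintableString/T61String
# (no BMPString or UTF8String).
string_mask = nombstr
# Extensions placed in the certificate request.
req_extensions = v3_req
# Extensions applied when a self-signed certificate is produced.
x509_extensions = v3_ca
[ req_distinguished_name ]
# Only the common name and e-mail address are requested for a user.
commonName = Common Name (eg, John Doe)
commonName_default = @{name}
emailAddress = Email Address
emailAddress_default = @{email}
emailAddress_max = 40
[ v3_ca ]
# Fixed to CA:false: a user certificate must never be able to sign
# other certificates.
basicConstraints = critical,CA:false
subjectKeyIdentifier = hash
[ v3_req ]
# NOTE(review): nsCertType is the obsolete Netscape extension; current
# validators rely on keyUsage/extendedKeyUsage, which this template does not set.
nsCertType = client,email,objsign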
Creating private key @{key-file} ...
Creating certificate @{certificate-file} ...
... using private key @{key-file}
... using certification request data in @{config-file}
Sign certificate @{in-certificate-file} ...
... into @{out-certificate-file}
... using sign configuration data in @{config-file}
Verify certificate @{certificate-file} ...
... using root Parent Certificate @{parent-certificate-file}
Create openssl store at @{store-dir} ...
02
Convert PEM certificate @{pem-certificate-file} ...
... into @{der-certificate-file}
Convert PEM key @{pem-private-key} and certificate @{pem-certificate-file} ...
... into @{p12-file} with alias @{alias}