Creating new User CA private key and certificate "@{name}" ... Creating new Server CA private key and certificate "@{name}" ... Creating new Root CA private key and certificate "@{name}" ... [ ca ] default_ca = default_CA [ default_CA ] dir = database = db.index serial = db.serial RANDFILE = random-bits default_md = md5 preserve = no x509_extensions = server_cert policy = policy_anything default_days = @{days} [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ server_cert ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always #extendedKeyUsage = serverAuth,clientAuth,msSGC,nsSGC basicConstraints = critical,CA:@{is-ca} [ req ] default_bits = 1024 distinguished_name = req_distinguished_name x509_extensions = v3_ca string_mask = nombstr req_extensions = v3_req [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = @{country} countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = @{state} localityName = Locality Name (eg, city) localityName_default = @{city} 0.organizationName = Organization Name (eg, company) 0.organizationName_default = @{company} organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = @{department} commonName = Common Name (eg, MD CA) commonName_default = @{name} commonName_max = 64 emailAddress = Email Address emailAddress_default = @{email} emailAddress_max = 40 [ v3_ca ] basicConstraints = critical,CA:@{is-ca} subjectKeyIdentifier = hash [ v3_req ] nsCertType = objsign,server [ req ] default_bits = 1024 distinguished_name = req_distinguished_name string_mask = nombstr req_extensions = v3_req x509_extensions = v3_ca [ req_distinguished_name ] commonName = Common Name (eg, John Doe) commonName_default = @{name} emailAddress = Email Address emailAddress_default = @{email} emailAddress_max = 40 [ v3_ca ] basicConstraints = critical,CA:false subjectKeyIdentifier = hash [ v3_req ] nsCertType = client,email,objsign Creating private key @{key-file} ... Creating certificate @{certificate-file} ... ... using private key @{key-file} ... using certification request data in @{config-file} Sign certificate @{in-certificate-file} ... ... into @{out-certificate-file} ... using sign configuration data in @{config-file} Verify certificate @{certificate-file} ... ... using root Parent Certificate @{parent-certificate-file} Create openssl store at @{store-dir} ... 02 Convert PEM certificate @{pem-certificate-file} ... ... into @{der-certificate-file} Convert PEM key @{pem-private-key} and certificate @{pem-certificate-file} ... ... into @{p12-file} with alias @{alias}