OpenTAKServer-Installer/config.cfg at master · brian7704/OpenTAKServer-Installer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

default_crl_days= 730                   # how long before next CRL

[ ca ]
	default_ca      = CA_default            # The default ca section

[ CA_default ]
	dir             = .                     # Where everything is kept
	certs           = $dir          # Where the issued certs are kept
	crl_dir         = $dir/crl              # Where the issued crl are kept
	database        = $dir/crl_index.txt    # database index file.
	default_md      = default               # use public key default MD

[ req ]
        default_bits           = 2048
        default_keyfile        = ca.pem
        distinguished_name     = req_distinguished_name
        x509_extensions        = v3_ca

[ req_distinguished_name ]
        countryName_min                = 2
        countryName_max                = 2
        commonName_max                 = 64

[ v3_ca ]
#basicConstraints=critical,CA:TRUE, pathlen:2
basicConstraints=critical,CA:TRUE
keyUsage=critical, cRLSign, keyCertSign
#nameConstraints=critical,permitted;DNS:.bbn.com # this allows you to restrict a CA to only issue server certs for a particular domain

[ client ]
basicConstraints=critical,CA:FALSE
keyUsage=critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, clientAuth
#extendedKeyUsage = critical, clientAuth, challengePassword
#authorityInfoAccess = OCSP;URI: http://localhost:4444

[ server ]
basicConstraints=critical,CA:FALSE
keyUsage=critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, clientAuth, serverAuth
#authorityInfoAccess = OCSP;URI: http://localhost:4444