ca-scripts/ca-scripts.conf

# example ca-scripts configuration file

# REQUIRED: CA_HOME provides the path to the root of the CA directory tree
#           this directory must exist and be writeable
#CA_HOME="/etc/ssl/ca"
CA_HOME="/tmp/ca"

# REQUIRED: CA_DOMAIN provides a template for other optional variables and
#           the filenames that are generated within the directory tree
CA_DOMAIN="example.com"

# OPTIONAL: CA_NAME is the internal templating variable for filenames etc
# Defaults to:
# CA_NAME="$( echo $CA_DOMAIN | tr 'A-Z' 'a-z' | tr -c '-a-z0-9' '_' )"

# REQUIRED: CA_DN_* configures the Distinguished Name fields present in the
#           CA certificate generated by ca-init
CA_DN_C="GB"
CA_DN_ST="London"
CA_DN_L="Example House, Mayfair"
CA_DN_O="Example Security Services Ltd."
CA_DN_OU="Example Internet Encryption Division"
CA_DN_CN="Example Security Services Root Certificate Authority"

# OPTIONAL: CA_DESC configures a single-line description for your CA
#           using the CN= or O= line from your DN is recommended
# Default value:
# CA_DESC="$CA_DN_CN"

# OPTIONAL: CA_EMAIL provides an e-mail address that is embedded into all
#           generated certificates as a point-of-contact
# Default value:
# CA_EMAIL="ca@$CA_DOMAIN"

# OPTIONAL: CA_CRT_URI and CA_CRL_URI provide locations where the CA
#           certificate and revocation lists can be found
# Default value:
# CA_CRT_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crt"
# CA_CRL_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crl"

# OPTIONAL: CA_CRT_BITS sets the default key length for generated keys.
# Default value:
# CA_CRT_BITS=2048

# OPTIONAL: CA_PATHLEN sets the maximum number of intermediate CA certificates
#           that can be in the chain of authority between the root CA and the 
#           final certificate.
# Default value:
# CA_PATHLEN=0
initial commit of ca-scripts devel work 2009-10-12 17:46:50 -04:00			`# example ca-scripts configuration file`

			`# REQUIRED: CA_HOME provides the path to the root of the CA directory tree`
			`# this directory must exist and be writeable`
			`#CA_HOME="/etc/ssl/ca"`
			`CA_HOME="/tmp/ca"`

			`# REQUIRED: CA_DOMAIN provides a template for other optional variables and`
			`# the filenames that are generated within the directory tree`
			`CA_DOMAIN="example.com"`

			`# OPTIONAL: CA_NAME is the internal templating variable for filenames etc`
			`# Defaults to:`
			`# CA_NAME="$( echo $CA_DOMAIN \| tr 'A-Z' 'a-z' \| tr -c '-a-z0-9' '_' )"`

			`# REQUIRED: CA_DN_* configures the Distinguished Name fields present in the`
			`# CA certificate generated by ca-init`
			`CA_DN_C="GB"`
			`CA_DN_ST="London"`
			`CA_DN_L="Example House, Mayfair"`
			`CA_DN_O="Example Security Services Ltd."`
			`CA_DN_OU="Example Internet Encryption Division"`
			`CA_DN_CN="Example Security Services Root Certificate Authority"`

			`# OPTIONAL: CA_DESC configures a single-line description for your CA`
			`# using the CN= or O= line from your DN is recommended`
			`# Default value:`
			`# CA_DESC="$CA_DN_CN"`

			`# OPTIONAL: CA_EMAIL provides an e-mail address that is embedded into all`
			`# generated certificates as a point-of-contact`
			`# Default value:`
			`# CA_EMAIL="ca@$CA_DOMAIN"`

			`# OPTIONAL: CA_CRT_URI and CA_CRL_URI provide locations where the CA`
			`# certificate and revocation lists can be found`
			`# Default value:`
			`# CA_CRT_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crt"`
			`# CA_CRL_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crl"`

Add -b BITS flag to ca-create-cert. 2010-02-14 01:58:41 -05:00			`# OPTIONAL: CA_CRT_BITS sets the default key length for generated keys.`
			`# Default value:`
			`# CA_CRT_BITS=2048`

initial commit of ca-scripts devel work 2009-10-12 17:46:50 -04:00			`# OPTIONAL: CA_PATHLEN sets the maximum number of intermediate CA certificates`
			`# that can be in the chain of authority between the root CA and the`
			`# final certificate.`
			`# Default value:`
			`# CA_PATHLEN=0`