osslsigncode/tests/certs/openssl_intermediate.cnf

# OpenSSL intermediate CA configuration file

[ default ]
name                            = intermediate
default_ca                      = CA_default

[ CA_default ]
# Directory and file locations
dir                             = .
certs                           = $dir/CA
crl_dir                         = $dir/CA
new_certs_dir                   = $dir/CA
database                        = $dir/CA/index.txt
serial                          = $dir/CA/serial
rand_serial                     = yes
private_key                     = $dir/CA/$name.key
certificate                     = $dir/tmp/$name.pem
crl_extensions                  = crl_ext
default_md                      = sha256
preserve                        = no
policy                          = policy_loose
default_startdate               = 180101000000Z
default_enddate                 = 241231000000Z
x509_extensions                 = v3_req
email_in_dn                     = yes
default_days                    = 2200

[ req ]
# Options for the `req` tool
encrypt_key                     = no
default_bits                    = 2048
default_md                      = sha256
string_mask                     = utf8only
distinguished_name              = req_distinguished_name
x509_extensions                 = usr_extensions

[ crl_ext ]
# Extension for CRLs
authorityKeyIdentifier          = keyid:always

[ usr_extensions ]
# Extension to add when the -x509 option is used
basicConstraints                = CA:FALSE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid, issuer
extendedKeyUsage                = codeSigning

[ v3_req ]
basicConstraints                = CA:FALSE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid, issuer
extendedKeyUsage                = codeSigning

[ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page.
countryName                     = optional
stateOrProvinceName             = optional
localityName                    = optional
organizationName                = optional
organizationalUnitName          = optional
commonName                      = supplied
emailAddress                    = optional

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
stateOrProvinceName             = State or Province Name
localityName                    = Locality Name
0.organizationName              = Organization Name
organizationalUnitName          = Organizational Unit Name
commonName                      = Common Name
emailAddress                    = Email Address