src/test/ssl/cas.config - cloudberry - Git at Google

 # This file contains the configuration for all the CAs.

 [ req ]
 prompt                 = no

 # Extensions for CA certs
 [ v3_ca ]
 basicConstraints = CA:true

 # Root CA, used to sign the certificates of the intermediary server and
 # client CAs.
 [ root_ca ]
 dir = ./ssl/
 database = ./ssl/root_ca-certindex
 serial = ./ssl/root_ca.srl
 default_md = sha256
 default_days= 10000
 default_crl_days= 10000
 certificate = ./ssl/root_ca.crt
 private_key = ./ssl/root_ca.key
 new_certs_dir = ./ssl/new_certs_dir
 policy					= policy_match
 email_in_dn				= no

 # CA used to sign all the server certificates.
 [ server_ca ]
 dir = ./ssl/
 database = ./ssl/server_ca-certindex
 default_md = sha256
 default_days= 10000
 default_crl_days= 10000
 certificate = ./ssl/server_ca.crt
 private_key = ./ssl/server_ca.key
 new_certs_dir = ./ssl/new_certs_dir
 serial = ./ssl/server_ca.srl
 policy					= policy_match
 email_in_dn				= no
 unique_subject = no
 crl = ./ssl/server.crl

 # CA used to sign all the client certificates.
 [ client_ca ]
 dir = ./ssl/
 database = ./ssl/client_ca-certindex
 default_md = sha256
 default_days= 10000
 default_crl_days= 10000
 certificate = ./ssl/client_ca.crt
 private_key = ./ssl/client_ca.key
 new_certs_dir = ./ssl/new_certs_dir
 serial = ./ssl/client_ca.srl
 policy					= policy_match
 email_in_dn				= no
 unique_subject = no
 crl = ./ssl/client.crl

 # This is common for all CAs.
 [ policy_match ]
 countryName = optional
 stateOrProvinceName = optional
 organizationName = optional
 organizationalUnitName = optional
 commonName = optional
 emailAddress = optional
	# This file contains the configuration for all the CAs.

	[ req ]
	prompt = no

	# Extensions for CA certs
	[ v3_ca ]
	basicConstraints = CA:true

	# Root CA, used to sign the certificates of the intermediary server and
	# client CAs.
	[ root_ca ]
	dir = ./ssl/
	database = ./ssl/root_ca-certindex
	serial = ./ssl/root_ca.srl
	default_md = sha256
	default_days= 10000
	default_crl_days= 10000
	certificate = ./ssl/root_ca.crt
	private_key = ./ssl/root_ca.key
	new_certs_dir = ./ssl/new_certs_dir
	policy = policy_match
	email_in_dn = no

	# CA used to sign all the server certificates.
	[ server_ca ]
	dir = ./ssl/
	database = ./ssl/server_ca-certindex
	default_md = sha256
	default_days= 10000
	default_crl_days= 10000
	certificate = ./ssl/server_ca.crt
	private_key = ./ssl/server_ca.key
	new_certs_dir = ./ssl/new_certs_dir
	serial = ./ssl/server_ca.srl
	policy = policy_match
	email_in_dn = no
	unique_subject = no
	crl = ./ssl/server.crl

	# CA used to sign all the client certificates.
	[ client_ca ]
	dir = ./ssl/
	database = ./ssl/client_ca-certindex
	default_md = sha256
	default_days= 10000
	default_crl_days= 10000
	certificate = ./ssl/client_ca.crt
	private_key = ./ssl/client_ca.key
	new_certs_dir = ./ssl/new_certs_dir
	serial = ./ssl/client_ca.srl
	policy = policy_match
	email_in_dn = no
	unique_subject = no
	crl = ./ssl/client.crl

	# This is common for all CAs.
	[ policy_match ]
	countryName = optional
	stateOrProvinceName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = optional
	emailAddress = optional