github.com/verrazzano/verrazzano@v1.7.0/platform-operator/scripts/install/config/istio_root_ca_config.txt (about)

     1  # Copyright (c) 2020, 2022, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  [ ca ]
        # `openssl ca` reads its settings from the section named here unless the
        # command line selects a different one with -name.
     4  default_ca = CA_default
     5  
     6  [ CA_default ]
        # Issuance state for the root CA. Both paths are relative, so they resolve
        # against the working directory of the `openssl ca` invocation.
        # NOTE(review): this section sets no default_md, default_days or
        # new_certs_dir; presumably the calling script passes -md, -days and
        # -outdir. Confirm, so that digest and lifetime are explicit choices.
        # copy_extensions is not set, so OpenSSL's default (none) applies and
        # extensions requested in a CSR are not copied into the signed certificate.
     7  database          = ./index.txt
     8  serial            = ./serial
        # Subject (DN) rules applied to every request signed through this section.
     9  policy            = policy_strict
    10  
    11  [ policy_strict ]
    12  # The root CA should only sign intermediate certificates that match.
        # match    = the field must be present and equal to the same field in the
        #            CA certificate
        # supplied = the field must be present
        # optional = the field may be present
        # DN fields not listed here are dropped from the issued certificate unless
        # preserve / -preserveDN is used.
    13  countryName             = match
    14  stateOrProvinceName     = match
    15  organizationName        = match
    16  organizationalUnitName  = optional
    17  commonName              = supplied
    18  emailAddress            = optional
    19  
    20  [ req ]
        # Settings read by `openssl req`.
        # NOTE(review): default_bits and default_md are not set here, so key size
        # and digest come from the command line or the OpenSSL build's defaults;
        # confirm the calling script pins both.
    21  distinguished_name  = req_distinguished_name
        # Do not prompt; take the subject from the distinguished_name section as written.
    22  prompt              = no
        # Extensions added when `openssl req -x509` writes a self-signed certificate.
    23  x509_extensions     = v3_ca
    24  
    25  [ req_distinguished_name ]
        # With prompt = no in [ req ], these are the literal subject values.
        # C, ST and O are the fields [ policy_strict ] marks as "match", so a
        # request must carry the same values to be signed under that policy.
    26  countryName                     = US
    27  stateOrProvinceName             = CA
        # The "0." prefix is OpenSSL's way of letting a field name repeat; the
        # field itself is still organizationName.
    28  0.organizationName              = Oracle Corporation
    29  commonName                      = Root CA
    30  
    31  [ v3_ca ]
        # Extension set referenced by x509_extensions in [ req ].
    32  subjectKeyIdentifier = hash
    33  authorityKeyIdentifier = keyid:always,issuer
        # CA:true with no pathlen: this extension places no limit on how many CA
        # certificates may sit below a certificate that carries it.
    34  basicConstraints = critical, CA:true
        # NOTE(review): keyCertSign and cRLSign cover certificate and CRL signing;
        # digitalSignature is only needed if this key also signs other data
        # (for example OCSP responses). Confirm it is required.
    35  keyUsage = critical, digitalSignature, cRLSign, keyCertSign
    36  
    37  [ v3_intermediate_ca ]
        # Extension set for intermediate CA certificates. No key in this listing
        # refers to it, so it applies only when the signing command selects it
        # (e.g. -extensions v3_intermediate_ca). Verify the caller does; otherwise
        # the pathlen:0 limit below is not written into the issued certificate.
    38  subjectKeyIdentifier = hash
    39  authorityKeyIdentifier = keyid:always,issuer
        # pathlen:0: the intermediate may issue end-entity certificates, but a
        # chain with a further CA certificate beneath it will not validate.
    40  basicConstraints = critical, CA:true, pathlen:0
    41  keyUsage = critical, digitalSignature, cRLSign, keyCertSign
    42