# Dynamic loading of rtengine (the Rutoken GOST engine) through the standard
# OpenSSL ENGINE configuration chain:
#   default section -> openssl_def -> engine_section -> gost_section
# OpenSSL walks this chain when it loads this file as its library config.
openssl_conf = openssl_def
[ openssl_def ]
engines = engine_section
[ engine_section ]
rtengine = gost_section
[ gost_section ]
# Shared library implementing the engine. NOTE(review): a relative path is
# resolved against the working directory of the process, so which library is
# loaded depends on where OpenSSL is started from — prefer an absolute path
# when this config is used outside the project directory.
dynamic_path = "./rtengine.dll"
# Engine-specific: presumably makes the engine the RAND source — confirm
# against the rtengine documentation.
enable_rand = yes
# PKCS#11 module the engine loads; same relative-path caveat as dynamic_path.
pkcs11_path = "./rtpkcs11ecp.dll"
# PKCS#11 URI (RFC 7512) selecting the token; %20 is a URI-encoded space and
# the ";" is a URI attribute separator, not a comment (OpenSSL uses # only).
rand_token = pkcs11:manufacturer=Aktiv%20Co.;model=Rutoken%20ECP
# Register every algorithm the engine provides as the default implementation.
default_algorithms = ALL
# Settings for creating certificate requests (openssl req)
[ req ]
# prompt = no: DN values are taken verbatim from req_distinguished_name
# instead of being asked for interactively.
prompt = no
distinguished_name = req_distinguished_name
# Extensions embedded in the CSR (section [ ext ] below).
req_extensions = ext
# Certificate subject (owner) details. Because [ req ] sets prompt = no, each
# key is the literal DN attribute value, and attributes are emitted in the
# subject DN in the order listed here. These are sample values.
[ req_distinguished_name ]
countryName = RU
commonName = Ivanov
# NOTE(review): CA_default sets email_in_dn = no, so openssl ca removes this
# attribute from the issued subject DN (see openssl-ca -noemailDN).
emailAddress = ivanov@mail.ru
stateOrProvinceName = Moscow
# Certificate extensions placed in the request (req_extensions = ext). They
# reach the issued certificate only because CA_default has
# copy_extensions = copy.
[ ext ]
# Russian GOST PKI extension "subjectSignTool", written as raw ASN.1: a
# UTF8String naming the signing tool. \" is the OpenSSL config escape for a
# literal double quote inside the value.
subjectSignTool = ASN1:FORMAT:UTF8,UTF8String:СКЗИ \"Рутокен ЭЦП 2.0\"
# S/MIME end-entity usage.
extendedKeyUsage=emailProtection
# NOTE(review): keyUsage is not marked critical here; RFC 5280 4.2.1.3
# recommends that CAs mark it critical when present.
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
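# Extensions for the CA's own (self-signed) certificate; not referenced from
# this file, so it is applied with "-extensions v3_ca" on the command line.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# RFC 5280 4.2.1.9: basicConstraints MUST be marked critical in a CA
# certificate.
basicConstraints = critical,CA:true
# Restrict the CA key to signing certificates and CRLs (RFC 5280 4.2.1.3);
# CRLs are issued here (see default_crl_days in CA_default).
keyUsage = critical,keyCertSign,cRLSign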
# Certificate Authority settings (openssl ca)
[ ca ]
# Section holding the actual CA configuration.
default_ca = CA_default
[ CA_default ]
# $dir is expanded by OpenSSL's config parser from this section; it must be
# defined before the keys that reference it.
dir = ./demoCA # CA directory
database = $dir/index.txt
new_certs_dir = $dir/newcerts # directory where newly issued certificates are put
certificate = $dir/cacert.pem # CA certificate
serial = $dir/serial
private_key = $dir/private/cakey.pem # CA private key
RANDFILE = $dir/private/.rand
default_days = 365 # how many days an issued certificate is valid
default_crl_days = 30 # how many days a CRL is valid
default_md = md_gost12_256 # default digest: GOST R 34.11-2012 (256 bit), provided by the engine
policy = policy_any
# Remove emailAddress from the issued subject DN (openssl-ca -noemailDN).
email_in_dn = no
name_opt = ca_default
cert_opt = ca_default
# Copy extensions from the request into the certificate. NOTE(review): no
# x509_extensions is set in this section, so unless -extensions is given on
# the command line the request alone decides the issued extensions — a
# request carrying basicConstraints CA:true would be signed as a CA. Review
# requests before signing, or set x509_extensions to a CA-controlled section
# (with "copy", extensions from the config take precedence over copied ones).
copy_extensions = copy
# Which subject DN fields a request must carry before the CA signs it:
# "supplied" = must be present, "optional" = may be present. No field uses
# "match", so issued subjects are not tied to the CA's own DN. Fields not
# listed here are dropped from the issued DN by openssl ca (unless
# -preserveDN is used).
[ policy_any ]
countryName = supplied
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# Time-Stamping Authority settings (openssl ts)
[ tsa ]
default_tsa = tsa_config
[ tsa_config ]
# $dir below refers to this section's own dir, not CA_default's.
dir = ./demoCA
serial = $dir/tsa_serial
signer_cert = $dir/tsacert.pem
signer_key = $dir/private/tsakey.pem
# Digest used for the TSA signature: GOST R 34.11-2012 (256 bit).
signer_digest = md_gost12_256
# NOTE(review): 1.2.3.4 is a placeholder policy OID; every response carries it
# as the TSA policy, so replace it with an OID you actually own before use.
default_policy = 1.2.3.4
# Message-imprint digests accepted in requests. md_gost94 (GOST R 34.11-94) is
# the legacy algorithm; keep it only while old clients still need it.
digests = md_gost94,md_gost12_256,md_gost12_512
# Include the TSA name in responses.
tsa_name = yes
# Include the ESS signing-certificate identifier, computed with this digest.
ess_cert_id_chain = yes
ess_cert_id_alg = md_gost12_256
# Extensions for the TSA signing certificate. Not referenced from this file;
# presumably passed as "-extensions tsa_ext" when the CA issues it.
# RFC 3161 2.3 requires the TSA certificate to carry exactly one
# extendedKeyUsage of timeStamping, marked critical — matched below.
[ tsa_ext ]
basicConstraints = critical,CA:false
extendedKeyUsage = critical,timeStamping
keyUsage = critical,nonRepudiation
subjectKeyIdentifier = hash