Для не осиливших README.gost:openssl_conf = openssl_def
CRL_URI=http://localhost/democa/current.crl
CAROOT=./demoCA
KEY_USAGE=digitalSignature,nonRepudiation,keyEncipherment
EXT_USAGE=serverAuth
E=root@localhost
L=Nowhere
O=Misconfigured site
CN=Lazy admin
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $ENV::CAROOT
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
private_key = $dir/private/cakey.pem
RANDFILE = /dev/urandom
default_days = 365
default_crl_days= 30
default_md = md5
policy = policy_any
email_in_dn = yes
x509_extensions= x509_extensions
nameopt = utf8,sep_comma_plus
certopt = utf8,sep_comma_plus
copy_extensions = copy
[ ca_cert_extensions ]
basicConstraints=critical,CA:TRUE,pathlen:1
keyUsage=keyCertSign,cRLSign
crlDistributionPoints = URI:$ENV::CRL_URI
[ x509_extensions ]
basicConstraints=CA:FALSE
crlDistributionPoints = URI:$ENV::CRL_URI
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_any ]
countryName = supplied
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = supplied
[req]
prompt=no
distinguished_name = req_dn
string_mask = pkix
default_md = sha1
utf8=yes
req_extensions = req_exts
[req_exts]
basicConstraints = CA:FALSE
keyUsage = $ENV::KEY_USAGE
extendedKeyUsage = $ENV::EXT_USAGE
[ req_dn ]
C = $ENV::C
L = $ENV::L
CN= $ENV::CN
O= $ENV::O
OU= $ENV::OU
emailAddress = $ENV::E
[ gost_section ]
engine_id = gost
default_algorithms = ALL