[policy] Variables

Choosing the policy section

The policy variable specifies the default policy section to use if the -policy argument is not supplied to the ca command. The CA policy section of a configuration file identifies the requirements for the contents of a certificate request which must be met before it is signed by the CA.

There are two policy sections defined in the example openssl.cnf file: policy_match and policy_anything.

Example policy section

The policy_match section of the example openssl.cnf file specifies the order of the attributes in the generated certificate as follows:


The match policy value

Consider the following value:

countryName = match

This means that the countryName in the certificate request must match the countryName in the CA certificate.

The optional policy value

Consider the following value:

organizationalUnitName = optional

This means that the organizationalUnitName does not have to be present in the certificate request.

The supplied policy value

Consider the following value:

commonName = supplied

This means that the commonName must be supplied in the certificate request.
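
The three policy values described above can be modelled as a small checker. This is an added example, not code from OpenSSL or from the example openssl.cnf file; the function name apply_policy, the SAMPLE_POLICY list and both subjects are constructed for illustration, and exact string comparison stands in for OpenSSL's own comparison of the CA and request fields.

```python
# Added example: models how a ca policy section is applied to a request subject.
# SAMPLE_POLICY, CA_SUBJECT and the request subjects are constructed sample data.

# Order matters: it is the order of the attributes in the generated certificate.
SAMPLE_POLICY = [
    ("countryName", "match"),
    ("organizationalUnitName", "optional"),
    ("commonName", "supplied"),
]

CA_SUBJECT = {"countryName": "GB", "commonName": "Example Root CA"}


def apply_policy(policy, ca_subject, req_subject):
    """Return (issued_subject, errors, dropped).

    issued_subject is a list of (field, value) in policy order, or None when
    the request fails the policy. dropped lists request fields the policy
    does not name; the ca manual documents that such fields are left out.
    """
    errors, issued = [], []
    for field, rule in policy:
        value = req_subject.get(field)
        if rule == "match":
            # Must be present and equal to the same field of the CA certificate.
            if value is None or value != ca_subject.get(field):
                errors.append(f"{field}: must match the CA certificate")
        elif rule == "supplied":
            # Must be present in the request; any non-empty value is accepted.
            if not value:
                errors.append(f"{field}: must be supplied in the request")
        elif rule != "optional":
            errors.append(f"{field}: unknown policy value {rule!r}")
        if value:
            issued.append((field, value))
    named = {field for field, _ in policy}
    dropped = [field for field in req_subject if field not in named]
    return (None if errors else issued), errors, dropped


if __name__ == "__main__":
    good = {"commonName": "www.example.test", "countryName": "GB",
            "localityName": "Leeds"}
    bad = {"countryName": "FR", "organizationalUnitName": "Ops"}
    for name, req in (("good", good), ("bad", bad)):
        print(name, apply_policy(SAMPLE_POLICY, CA_SUBJECT, req))
```
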

