diff --git a/files/openssl-gost.cnf b/files/openssl-gost.cnf
new file mode 100644
index 0000000..263a9b3
--- /dev/null
+++ b/files/openssl-gost.cnf
@@ -0,0 +1,53 @@
+[ default ]
+dir             = /etc/pki/CA
+
+[ ca ]
+default_ca      = CA_default
+
+[ CA_default ]
+dir             = /etc/pki/CA
+certs           = $dir/certs
+crl_dir         = $dir/crl
+new_certs_dir   = $dir/newcerts
+database        = $dir/index.txt
+serial          = $dir/serial
+RANDFILE        = $dir/private/.rand
+
+certificate     = $dir/certs/ca.crt
+private_key     = $dir/private/ca.key
+default_days    = 30
+default_md      = md_gost12_256
+preserve        = no
+policy          = policy_anything
+
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+default_bits            = 2048
+distinguished_name      = req_distinguished_name
+string_mask             = utf8only
+default_md              = md_gost12_256
+prompt                  = no
+
+[ req_distinguished_name ]
+CN = AU-Team Root CA
+
+[ v3_ca ]
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer
+basicConstraints        = critical, CA:true
+keyUsage                = critical, digitalSignature, cRLSign, keyCertSign
+
+[ server_cert ]
+basicConstraints        = CA:FALSE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid,issuer
+keyUsage                = critical, digitalSignature, keyEncipherment
+extendedKeyUsage        = serverAuth
\ No newline at end of file