
# OpenSSL configuration file.
#

# Establish working directory.

dir                                     = .

[ ca ]
default_ca                              = CA_default

[ CA_default ]
serial                                  = $dir/serial
database                                = $dir/certindex.txt
certs                                   = $dir/certs
new_certs_dir                           = $dir/
certificate                             = $dir/demoCA/cacert.pem
private_key                             = $dir/demoCA/private/cakey.pem
default_days                            = 3650
default_md                              = sha1
preserve                                = no
email_in_dn                             = no
#nameopt                                        = default_ca
#certopt                                        = default_ca
copy_extensions                         = none
policy                                  = policy_match

basicConstraints                        = critical, CA:true
authorityKeyIdentifier                  = keyid:always,issuer:always
subjectKeyIdentifier                    = hash
keyUsage                                = critical, keyCertSign, cRLSign

[ policy_match ]
countryName                             = match
stateOrProvinceName                     = match
organizationName                        = match
organizationalUnitName                  = optional
commonName                              = supplied
emailAddress                            = optional

[ req ]
default_bits                            = 2048                  # Size of keys
default_keyfile                         = key.pem               # name of generated keys
default_md                              = sha1                          # message digest algorithm
string_mask                             = nombstr               # permitted characters
distinguished_name                      = req_distinguished_name
req_extensions                          = v3_req
#x509_extensions                         = subca_req


[ req_distinguished_name ]
# Variable name                         Prompt string
#-------------------------        ----------------------------------
organizationName                        = Organisation

organizationalUnitName                  = Nom de l'unite organisationnelle (department, division)

emailAddress                            = Adresse e-mail
emailAddress_max                        = 40

localityName                            = Ville

stateOrProvinceName                     = Region

countryName                             = Pays (en 2 lettres)
countryName_min                         = 2
countryName_max                         = 2

commonName                              = Nom du certificat (hostname, IP, ou nom)
commonName_max                          = 64

# Default values for the above, for consistency and less typing.
# Variable name                         Value
#------------------------         ------------------------------
organizationName_default                = CAShinken
organizationalUnitName_default          = MAIN
localityName_default                    = World
stateOrProvinceName_default             = Some-State
countryName_default                     = FR


[ v3_ca ]
basicConstraints                        = CA:TRUE
subjectKeyIdentifier                    = hash
authorityKeyIdentifier                  = keyid:always,issuer:always

[ v3_req ]
basicConstraints                        = CA:FALSE
subjectKeyIdentifier                    = hash


