1e1051a39Sopenharmony_ci
2e1051a39Sopenharmony_ci# Comment out the next line to ignore configuration errors
3e1051a39Sopenharmony_ciconfig_diagnostics = 1
4e1051a39Sopenharmony_ci
5e1051a39Sopenharmony_ciCN2 = Brother 2
6e1051a39Sopenharmony_ci
7e1051a39Sopenharmony_ci####################################################################
8e1051a39Sopenharmony_ci[ req ]
9e1051a39Sopenharmony_cidistinguished_name	= req_distinguished_name
10e1051a39Sopenharmony_ciencrypt_rsa_key		= no
11e1051a39Sopenharmony_cidefault_md		= sha1
12e1051a39Sopenharmony_ci
13e1051a39Sopenharmony_ci[ req_distinguished_name ]
14e1051a39Sopenharmony_cicountryName			= Country Name (2 letter code)
15e1051a39Sopenharmony_cicountryName_value		= AU
16e1051a39Sopenharmony_ciorganizationName		= Organization Name (eg, company)
17e1051a39Sopenharmony_ciorganizationName_value		= Dodgy Brothers
18e1051a39Sopenharmony_cicommonName			= Common Name (eg, YOUR name)
19e1051a39Sopenharmony_cicommonName_value		= Dodgy CA
20e1051a39Sopenharmony_ci
21e1051a39Sopenharmony_ci####################################################################
22e1051a39Sopenharmony_ci[ userreq ]
23e1051a39Sopenharmony_cidistinguished_name	= user_dn
24e1051a39Sopenharmony_ciencrypt_rsa_key		= no
25e1051a39Sopenharmony_cidefault_md		= sha256
26e1051a39Sopenharmony_ciprompt			= no
27e1051a39Sopenharmony_ci
28e1051a39Sopenharmony_ci[ user_dn ]
29e1051a39Sopenharmony_cicountryName		= AU
30e1051a39Sopenharmony_ciorganizationName	= Dodgy Brothers
31e1051a39Sopenharmony_ci0.commonName		= Brother 1
32e1051a39Sopenharmony_ci1.commonName		= $ENV::CN2
33e1051a39Sopenharmony_ci
34e1051a39Sopenharmony_ci[ v3_ee ]
35e1051a39Sopenharmony_cisubjectKeyIdentifier	= hash
36e1051a39Sopenharmony_ciauthorityKeyIdentifier	= keyid,issuer:always
37e1051a39Sopenharmony_cibasicConstraints 	= CA:false
38e1051a39Sopenharmony_cikeyUsage		= nonRepudiation, digitalSignature, keyEncipherment
39e1051a39Sopenharmony_ci
40e1051a39Sopenharmony_ci[ v3_ee_dsa ]
41e1051a39Sopenharmony_cisubjectKeyIdentifier	= hash
42e1051a39Sopenharmony_ciauthorityKeyIdentifier	= keyid:always
43e1051a39Sopenharmony_cibasicConstraints	= CA:false
44e1051a39Sopenharmony_cikeyUsage		= nonRepudiation, digitalSignature
45e1051a39Sopenharmony_ci
46e1051a39Sopenharmony_ci[ v3_ee_ec ]
47e1051a39Sopenharmony_cisubjectKeyIdentifier	= hash
48e1051a39Sopenharmony_ciauthorityKeyIdentifier	= keyid:always
49e1051a39Sopenharmony_cibasicConstraints	= CA:false
50e1051a39Sopenharmony_cikeyUsage		= nonRepudiation, digitalSignature, keyAgreement
51e1051a39Sopenharmony_ci
52e1051a39Sopenharmony_ci####################################################################
53e1051a39Sopenharmony_ci[ ca ]
54e1051a39Sopenharmony_cidefault_ca	= CA_default
55e1051a39Sopenharmony_ci
56e1051a39Sopenharmony_ci[ CA_default ]
57e1051a39Sopenharmony_cidir		= ./demoCA
58e1051a39Sopenharmony_cicerts		= $dir/certs
59e1051a39Sopenharmony_cicrl_dir		= $dir/crl
60e1051a39Sopenharmony_cidatabase	= $dir/index.txt
61e1051a39Sopenharmony_cinew_certs_dir	= $dir/newcerts
62e1051a39Sopenharmony_cicertificate	= $dir/cacert.pem
63e1051a39Sopenharmony_ciserial		= $dir/serial
64e1051a39Sopenharmony_cicrl		= $dir/crl.pem
65e1051a39Sopenharmony_ciprivate_key	= $dir/private/cakey.pem
66e1051a39Sopenharmony_cix509_extensions	= v3_ca
67e1051a39Sopenharmony_ciname_opt 	= ca_default
68e1051a39Sopenharmony_cicert_opt 	= ca_default
69e1051a39Sopenharmony_cidefault_days	= 365
70e1051a39Sopenharmony_cidefault_crl_days= 30
71e1051a39Sopenharmony_cidefault_md	= sha1
72e1051a39Sopenharmony_cipreserve	= no
73e1051a39Sopenharmony_cipolicy		= policy_anything
74e1051a39Sopenharmony_ci
75e1051a39Sopenharmony_ci[ policy_anything ]
76e1051a39Sopenharmony_cicountryName		= optional
77e1051a39Sopenharmony_cistateOrProvinceName	= optional
78e1051a39Sopenharmony_cilocalityName		= optional
79e1051a39Sopenharmony_ciorganizationName	= optional
80e1051a39Sopenharmony_ciorganizationalUnitName	= optional
81e1051a39Sopenharmony_cicommonName		= supplied
82e1051a39Sopenharmony_ciemailAddress		= optional
83e1051a39Sopenharmony_ci
84e1051a39Sopenharmony_ci[ v3_ca ]
85e1051a39Sopenharmony_cisubjectKeyIdentifier	= hash
86e1051a39Sopenharmony_ciauthorityKeyIdentifier	= keyid:always,issuer:always
87e1051a39Sopenharmony_cibasicConstraints 	= critical,CA:true,pathlen:1
88e1051a39Sopenharmony_cikeyUsage		= cRLSign, keyCertSign
89e1051a39Sopenharmony_ciissuerAltName		= issuer:copy
90