1e1051a39Sopenharmony_ci
2e1051a39Sopenharmony_ci####################################################################
3e1051a39Sopenharmony_ci[ ca ]
4e1051a39Sopenharmony_cidefault_ca	= CA_default		# The default ca section
5e1051a39Sopenharmony_ci
6e1051a39Sopenharmony_ci####################################################################
7e1051a39Sopenharmony_ci[ CA_default ]
8e1051a39Sopenharmony_ci
9e1051a39Sopenharmony_cidir		= ./demoCA		# Where everything is kept
10e1051a39Sopenharmony_cicerts		= $dir/certs		# Where the issued certs are kept
11e1051a39Sopenharmony_cicrl_dir		= $dir/crl		# Where the issued crl are kept
12e1051a39Sopenharmony_cidatabase	= $dir/index.txt	# database index file.
13e1051a39Sopenharmony_cinew_certs_dir	= $dir/new_certs	# default place for new certs.
14e1051a39Sopenharmony_ci
15e1051a39Sopenharmony_cicertificate	= $dir/CAcert.pem 	# The CA certificate
16e1051a39Sopenharmony_ciserial		= $dir/serial 		# The current serial number
17e1051a39Sopenharmony_cicrl		= $dir/crl.pem 		# The current CRL
18e1051a39Sopenharmony_ciprivate_key	= $dir/private/CAkey.pem# The private key
19e1051a39Sopenharmony_ci
20e1051a39Sopenharmony_cidefault_days	= 365			# how long to certify for
21e1051a39Sopenharmony_cidefault_crl_days= 30			# how long before next CRL
22e1051a39Sopenharmony_cidefault_md	= md5			# which md to use.
23e1051a39Sopenharmony_ci
24e1051a39Sopenharmony_ci# A few difference way of specifying how similar the request should look
25e1051a39Sopenharmony_ci# For type CA, the listed attributes must be the same, and the optional
26e1051a39Sopenharmony_ci# and supplied fields are just that :-)
27e1051a39Sopenharmony_cipolicy		= policy_match
28e1051a39Sopenharmony_ci
29e1051a39Sopenharmony_ci# For the CA policy
30e1051a39Sopenharmony_ci[ policy_match ]
31e1051a39Sopenharmony_cicountryName		= match
32e1051a39Sopenharmony_cistateOrProvinceName	= match
33e1051a39Sopenharmony_ciorganizationName	= match
34e1051a39Sopenharmony_ciorganizationalUnitName	= optional
35e1051a39Sopenharmony_cicommonName		= supplied
36e1051a39Sopenharmony_ciemailAddress		= optional
37e1051a39Sopenharmony_ci
38e1051a39Sopenharmony_ci# For the 'anything' policy
39e1051a39Sopenharmony_ci# At this point in time, you must list all acceptable 'object'
40e1051a39Sopenharmony_ci# types.
41e1051a39Sopenharmony_ci[ policy_anything ]
42e1051a39Sopenharmony_cicountryName		= optional
43e1051a39Sopenharmony_cistateOrProvinceName	= optional
44e1051a39Sopenharmony_cilocalityName		= optional
45e1051a39Sopenharmony_ciorganizationName	= optional
46e1051a39Sopenharmony_ciorganizationalUnitName	= optional
47e1051a39Sopenharmony_cicommonName		= supplied
48e1051a39Sopenharmony_ciemailAddress		= optional
49e1051a39Sopenharmony_ci
50e1051a39Sopenharmony_ci####################################################################
51e1051a39Sopenharmony_ci[ req ]
52e1051a39Sopenharmony_cidistinguished_name	= req_distinguished_name
53e1051a39Sopenharmony_ciencrypt_rsa_key		= no
54e1051a39Sopenharmony_ci
55e1051a39Sopenharmony_ci# Make altreq be identical to req
56e1051a39Sopenharmony_ci[ altreq ]
57e1051a39Sopenharmony_cidistinguished_name	= req_distinguished_name
58e1051a39Sopenharmony_ciencrypt_rsa_key		= no
59e1051a39Sopenharmony_ci
60e1051a39Sopenharmony_ci[ req_distinguished_name ]
61e1051a39Sopenharmony_cicountryName			= C field
62e1051a39Sopenharmony_cicountryName_value		= AU
63e1051a39Sopenharmony_cistateOrProvinceName		= SP field
64e1051a39Sopenharmony_cistateOrProvinceName_value	=
65e1051a39Sopenharmony_cilocalityName			= L field
66e1051a39Sopenharmony_cilocalityName_value		= Brisbane
67e1051a39Sopenharmony_ciorganizationName		= O field
68e1051a39Sopenharmony_ciorganizationName_value		= CryptSoft Pty Ltd
69e1051a39Sopenharmony_ciorganizationalUnitName		= OU field
70e1051a39Sopenharmony_ciorganizationalUnitName_value	= .
71e1051a39Sopenharmony_cicommonName			= CN field
72e1051a39Sopenharmony_cicommonName_value		= Eric Young
73e1051a39Sopenharmony_ciemailAddress			= email field
74e1051a39Sopenharmony_ciemailAddress_value		= eay@mincom.oz.au
75