# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8

[ca]
default_ca = dmca

[dmca]
dir = @@cadir@@
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
unique_subject = no
new_certs_dir = $dir/newcerts

certificate = $dir/dmca.crt
serial = $dir/serial
crl = $dir/dmca.crl
private_key = $dir/dmca.key
RANDFILE = $dir/private/.rand

x509_extensions = usr_ext

name_opt = ca_default
cert_opt = ca_default

copy_extensions = copy

default_days = 10950
default_crl_days = 30
default_md = sha256
preserve = no

policy = policy_match

[policy_match]
#countryName = match
#stateOrProvinceName = match
#organizationName = match
countryName = supplied
stateOrProvinceName = supplied
organizationName = supplied
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[req]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = usr_ext
string_mask = utf8only

#input_password = secret
#output_password = secret

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = FR
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = La Reunion

localityName = Locality Name (eg, city)
localityName_default = Sainte-Clotilde

0.organizationName = Organization Name (eg, company)
0.organizationName_default = jclain

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = 

commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 64

[req_attributes]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = jclain

[usr_ext]

basicConstraints=critical,CA:FALSE
#subjectKeyIdentifier=hash
#authorityKeyIdentifier=keyid,issuer:always
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth

[crl_ext]

#issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always