#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE		= /dev/arandom

####################################################################
[ req ]
default_bits		= 1024
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_default		= CA
countryName_min			= 2
countryName_max			= 2

stateOrProvinceName		= State or Province Name (full name)
stateOrProvinceName_default	= Alberta

localityName			= City Name
localityName_default		= Calgary

0.organizationName		= Organization Name (eg, company)
0.organizationName_default	= Codetalker Communications, Corp.

# we can do this but it is not needed normally :-)
#1.organizationName		= Second Organization Name (eg, company)
#1.organizationName_default	= CryptSoft Pty Ltd

#organizationalUnitName		= Organizational Unit Name (eg, section)
#organizationalUnitName_default	=

commonName			= Common Name (machine.domain or user@domain)
commonName_max			= 64
commonName_default		= $ENV::CN

#emailAddress			= Email Address
#emailAddress_max		= 64

[ req_attributes ]
challengePassword		= A challenge password
challengePassword_min		= 4
challengePassword_max		= 20

unstructuredName		= An optional company name

[ x509v3_extensions ]

nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
nsComment			= "This is a comment"

# under ASN.1, the 0 bit would be encoded as 80
nsCertType			= 0x40

#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType

[ ext_server ]
# 
# OID: 1.3.6.1.5.5.7.3.1 = serverAuth to OpenSSL
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=critical,DNS:$ENV::CN

[ ext_client ]
# OID:1.3.6.1.5.5.7.3.2 = clientAuth to OpenSSL
extendedKeyUsage=clientAuth
subjectAltName=critical,email:$ENV::CN