HOME			= .
RANDFILE		= $ENV::HOME/.rnd

oid_section		= new_oids

[ new_oids ]
my_policy_oid   = 1.3.6.1.5

[ ca ]
default_ca	= CA_default	

[ CA_default ]

dir		= /etc/ssl/CA		# Where everything is kept
certs		= $dir/certs		# Where the issued certs are kept
crl_dir		= $dir/crl		# Where the issued crl are kept
database	= $dir/index.txt	# database index file.
new_certs_dir	= $dir/newcerts		# default place for new certs.

certificate	= $dir/cacert.crt 	# The CA certificate
serial		= $dir/serial 		# The current serial number
crl		= $dir/crl.pem 		# The current CRL
private_key	= $dir/cacert.pem		# The private key
RANDFILE	= $dir/private/.rand	# private random number file

x509_extensions	= usr_cert		# The extentions to add to the cert

default_days	= 11000			# how long to certify for
default_crl_days= 7			# how long before next CRL
default_md	= sha512			# which md to use.
preserve	= no			# keep passed DN ordering

policy		= policy_anything

[ policy_match ]
countryName             = optional
stateOrProvinceName     = optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= optional

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= optional

####################################################################
[ req ]
default_bits		= 2048
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes
x509_extensions	= v3_ca	# The extentions to add to the self signed cert

string_mask = nombstr

[ req_attributes ]
challengePassword               = A challenge password                 
challengePassword_min           = 4
challengePassword_max           = 20

[ req_distinguished_name ]

countryName                     = Country Name (2 letter code)
countryName_default             = AU
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = New South Wales

organizationName		= Organization Name (eg, company)
organizationName_default	= CAcert Inc.

organizationalUnitName		= Organizational Unit Name (eg, section)
organizationalUnitName_default	= http://www.CAcert.org

commonName			= Common Name (eg, YOUR name)
commonName_default		= CAcert Inc. Signing Authority
commonName_max			= 64

[ v3_ca ]
subjectKeyIdentifier		= hash
authorityKeyIdentifier		= keyid:always,issuer:always
basicConstraints		= critical, CA:true

authorityInfoAccess		= OCSP;URI:http://ocsp.CAcert.org/,caIssuers;URI:http://www.CAcert.org/ca.crt
certificatePolicies		= @polsect

nsCaPolicyUrl			= http://www.CAcert.org/index.php?id=10
nsComment                       = "To get your own certificate for FREE, go to http://www.CAcert.org"

[ polsect ]
CPS				= "http://www.CAcert.org/index.php?id=10"
policyIdentifier		= my_policy_oid