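# OpenSSL configuration for a small single-level CA that issues an OCSP
# responder certificate and TLS server test certificates.
# [ ca ] / [ CA_default ] drive "openssl ca"; [ req ] drives "openssl req".
# [CA], [OCSP] and [TEST] are X.509 extension sections, presumably selected
# on the command line with -extensions (nothing in this file references them).
# Section names are case-sensitive: [ ca ] and [CA] are different sections.

[ ca ]
default_ca = CA_default

[ CA_default ]
# All CA state lives under $dir/ca, relative to the working directory.
dir = .
certs = $dir/ca/certs
new_certs_dir = $dir/ca/newcerts
database = $dir/ca/index.txt
certificate = $dir/ca/ca.pem
serial = $dir/ca/serial
# CA signing key: keep it readable by the CA operator only.
private_key = $dir/ca/ca.key
# Validity in days applied to every certificate signed with this config.
# NOTE(review): ten years is long for the OCSP responder and server
# certificates; consider passing a shorter -days when issuing those.
default_days = 3650
# Signature digest. SHA-1 is collision-prone and SHA-1-signed certificates
# are rejected by current clients, so certificates are signed with SHA-256.
default_md = sha256
# DN fields are emitted in policy order, not in the order of the request.
preserve = no
policy = policy_match
# copy_extensions is not set, so extensions present in a request are ignored
# and only the extension sections below end up in issued certificates.

[ policy_match ]
# The organisation must equal the CA's own; a common name is mandatory;
# the e-mail address may be omitted. Fields not listed here are dropped.
organizationName = match
commonName = supplied
emailAddress = optional

[ req ]
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
# Prompts, defaults and length limits used when building a request.
organizationName = Organisation
organizationName_default = Herve Schauer Consultants
commonName = Nom ou URL
commonName_max = 64
emailAddress = Adresse Email
emailAddress_max = 40

[CA]
# Extensions for the CA certificate itself.
nsComment = "[Breve HSC] CA"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# pathlen:0 means this CA may sign end-entity certificates only,
# not subordinate CAs.
basicConstraints = critical,CA:TRUE,pathlen:0
# NOTE(review): RFC 5280 recommends marking keyUsage critical on CA
# certificates; it is not critical here.
keyUsage = keyCertSign, cRLSign

[OCSP]
# Extensions for the delegated OCSP responder certificate.
nsComment = "[Breve HSC] OCSP Responder"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = critical,CA:FALSE
# Limits the key to signing OCSP responses on behalf of the CA.
extendedKeyUsage = OCSPSigning
# The responder certificate carries no OCSP no-check extension, so relying
# parties are expected to check its own revocation status through this CRL.
crlDistributionPoints = URI:http://www-crl/current

[TEST]
# Extensions for TLS server test certificates.
nsComment = "[Breve HSC] Certificat Test"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
issuerAltName = issuer:copy
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
nsCertType = server
extendedKeyUsage = serverAuth
# Revocation endpoints embedded in each certificate. Both are unqualified
# host names, so presumably they resolve only inside the local network.
authorityInfoAccess = OCSP;URI:http://www-ocsp/
crlDistributionPoints = URI:http://www-crl/current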