# nsopenssl Test Certificate Authority Configuration File
#
# $Header: /cvsroot/aolserver/nsopenssl/ca/ca1.conf,v 1.2 2002/10/08 02:33:45 scottg Exp $
#
# This configuration file is used to generate a CA cert and sign
# test certificates for nsopenssl testing.

[ ca ]
default_ca              = ca1

[ ca1 ]
certificate             = ca1/ca1.pem
private_key             = ca1/ca1.key
new_certs_dir           = ca1/certificates
crl_dir                 = ca1/crl
crl                     = ca1/crl/crl.pem
database                = ca1/index.txt
serial                  = ca1/serial
default_days            = 365
default_crl_days        = 30
default_md              = md5
preserve                = no
policy                  = ca1-policy
x509_extensions         = ca1-extensions 

[ ca1-policy ]
countryName             = supplied
stateOrProvinceName     = supplied
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# These extensions are added when a cert is signed by the CA
[ ca1-extensions ]
basicConstraints = CA:false

[ req ]
default_bits            = 2048
default_keyfile         = ca1/ca1.key
default_md              = md5
prompt                  = no
distinguished_name      = root-ca1-distinguished-name
x509_extensions         = root-ca1-x509-extensions

[ root-ca1-distinguished-name ]
commonName              = nsopenssl CA #1 Test CA
stateOrProvinceName     = Florida
countryName             = US
emailAddress            = ca1@scottg.net
organizationName        = nsopenssl CA #1 Root Certification Authority

[ root-ca1-x509-extensions ]
basicConstraints = CA:true