# Fallback value: $ENV::HOME below still resolves when the HOME environment
# variable is not set.
HOME = .
# Seed file for the random number generator.
RANDFILE = $ENV::HOME/.rnd
# Name of the section that lists additional object identifiers.
oid_section = new_oids

# No additional object identifiers are defined.
[ new_oids ]

# Entry point for the `ca` command.
[ ca ]
# Section the ca command reads its settings from unless another one is named.
default_ca = CA_default
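# Settings of the default CA (selected through default_ca in [ ca ]).
[ CA_default ]
# Root of the CA tree. "." makes every path below relative to the directory
# openssl is started from, so run the ca command from the CA directory.
dir = .
# Where the issued certs are kept
certs = $dir/certs
# Where the issued CRLs are kept
crl_dir = $dir/crl
# Database index file of issued certificates
database = $dir/dbca/index.txt
# Default place for new certs
new_certs_dir = $dir/newcerts
# The CA certificate
certificate = $dir/cacert.pem
# File holding the current serial number
serial = $dir/serial/serial
# The current CRL
crl = $dir/crl.pem
# The CA private key. Anyone who can read this file can issue certificates
# under this CA: keep the file and its directory readable by the CA operator only.
private_key = $dir/private/cakey.pem
# Private random number file
RANDFILE = $dir/private/.rand
# Section with the extensions added to every issued certificate
x509_extensions = usr_cert
# Validity of issued certificates, in days
default_days = 365
# Days until the next CRL is due
default_crl_days = 30
# Digest used to sign certificates and CRLs. Was md5, which is not collision
# resistant and is rejected by many current verifiers; sha256 replaces it.
default_md = sha256
# no: issued certificates follow the field order of the policy section
# instead of keeping the DN ordering of the request
preserve = no
# Policy section applied to the subject DN of each request
policy = policy_match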

# DN policy used by [ CA_default ].
#   match    - the field must equal the same field in the CA certificate
#   supplied - the field must be present in the request
#   optional - the field may be present
# DN fields that are not listed here (localityName, for example) are left out
# of the issued certificate.
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Permissive DN policy: only commonName has to be present in the request.
# Not selected by the policy key in [ CA_default ]; it applies only when it is
# named explicitly (for example with -policy policy_anything).
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

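# Defaults for the `req` command (key and certificate request generation).
[ req ]
# Size in bits of newly generated RSA keys. Was 1024, which is below current
# minimum recommendations for RSA; 2048 is the usual floor.
default_bits = 2048
# File the new private key is written to when -keyout is not given
default_keyfile = privkey.pem
# Section describing the DN fields to prompt for
distinguished_name = req_distinguished_name
# Section describing the request attributes to prompt for
attributes = req_attributes
# Extensions added to the self-signed certificate created by `req -x509`
x509_extensions = v3_ca
# Permitted string types: PrintableString and T61String
# (no BMPString, no UTF8String)
string_mask = nombstr
# NOTE(review): neither default_md nor req_extensions is set in this section,
# so requests are signed with the digest the openssl build defaults to, and
# [ v3_req ] is applied only when it is selected on the command line.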

# Prompts shown by `req` for each subject DN field.
#   <field>          - prompt text
#   <field>_default  - value offered when the user just presses Enter
#   <field>_min/_max - allowed length of the entered value
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CH
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Vaud

localityName = Locality Name (eg, city)
localityName_default = Nyon

# The "0." prefix lets the same field name be listed more than once.
0.organizationName = Organization Name (eg, company)
0.organizationName_default = GMO Lab (gmolab)

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = ITCS (Information Technology and Communications Service)

# Deliberately empty default: the common name has to be typed in.
commonName = Common Name (eg, YOUR name)
commonName_default =
commonName_max = 64

emailAddress = Email Address
emailAddress_default = example@example.com
emailAddress_max = 40

# Prompts for the attributes placed in a certificate request.
[ req_attributes ]
# The challenge password is stored unencrypted inside the request, so it must
# not be a password that is used anywhere else. Length: 4 to 20 characters.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

# Extensions added to certificates issued by the ca command
# (x509_extensions in [ CA_default ]).
[ usr_cert ]
# End-entity certificate: it cannot be used to sign other certificates.
basicConstraints = CA:FALSE
# Free-text Netscape comment extension
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
# keyid: copy the issuer's key identifier when it has one;
# issuer:always: always include the issuer name and serial number.
authorityKeyIdentifier = keyid,issuer:always
# NOTE(review): no keyUsage or extendedKeyUsage is set, so issued certificates
# are not restricted to a particular purpose.

# Extension set for end-entity requests. No req_extensions key in [ req ]
# points here, so it takes effect only when it is named on the command line
# (for example -reqexts v3_req or -extensions v3_req).
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

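# Extensions of the self-signed CA certificate created by `req -x509`
# (x509_extensions in [ req ]).
[ v3_ca ]
# subjectKeyIdentifier has to come before authorityKeyIdentifier so that
# keyid:always can be satisfied on a self-signed certificate.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# Marked critical, as PKIX (RFC 5280) requires for CA certificates, so that a
# verifier that does not process the extension rejects the certificate
# instead of ignoring the CA flag.
basicConstraints = critical, CA:true
# Limit the CA key to signing certificates and CRLs.
keyUsage = critical, keyCertSign, cRLSign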

# CRL extensions. No crl_extensions key in [ CA_default ] points here, so the
# section is applied only when it is named explicitly (for example -crlexts crl_ext).
[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always