/* vim:nowrap:noet:ts=8:ft=dosini
*/

#include "default.ini"

/*
  We have defaults for all values, but without prompting
  we get an ASN error, so bad news.
*/
#define PROMPT			0

[req]

  default_keyfile		=com.example.SSL_Private_key.pem

  default_bits			=$req_DEFAULT::default_bits
  default_md			=$req_DEFAULT::default_md
  encrypt_key			=$req_DEFAULT::encrypt_key
  utf8				=$req_DEFAULT::utf8

#if (PROMPT)
  prompt			=yes
#else
  prompt			=no
#endif

  req_extensions		=$req_DEFAULT::req_extensions
  x509_extensions		=$req_DEFAULT::x509_extensions

  distinguished_name		=distinguished_name
  attributes			=attributes

#if 0
  input_password		=secret
  output_password		=secret
#endif

  string_mask			=$req_DEFAULT::string_mask

[distinguished_name]

#if (PROMPT)
  countryName			=Country Name (2 letter code)
  countryName_default		=XX
  countryName_min		=2
  countryName_max		=2

  stateOrProvinceName		=State or Province Name (full name)
  stateOrProvinceName_default	=example region

  localityName			=Locality Name (eg, city)
  localityName_default		=example city

  organizationName		=Organization Name (eg, company)
  organizationName_default	=Example Ltd.
  organizationalUnitName	=Organizational Unit Name (eg, section)
  organizationalUnitName_default=systems

  0.commonName			=Common Name 
  0.commonName_default		=SSL.example.com
  0.commonName_max		=64

  1.commonName			=Common Name 
  1.commonName_default		=*.example.com
  1.commonName_max		=64

  2.commonName			=Common Name 
  2.commonName_default		=Example Ltd.
  2.commonName_max		=64

#if 0 /* It is inconvenient to put the email address in the DN */
  emailAddress			=Email Address
  emailAddress_default		=root@SSL.for.example.com
  emailAddress_max		=60
#endif

#if 0 /* The 'subjectAltName' field should not be part of the DN */
  subjectAltName		=Subject Alt Name
  subjectAltName_default	=@subjectAltName
#endif

#else /* no prompt */
# if 0
    C				=countryName
    ST				=stateOrProvinceName
    L				=localityName
    O				=organizationName
    OU				=organizationalUnitName
    CN				=Common Name
# else
    countryName			=XX
    stateOrProvinceName		=example region
    localityName		=example city
    organizationName		=Example Ltd.
    organizationalUnitName	=systems
    0.commonName		=SSL.example.com
    1.commonName		=*.example.com
    2.commonName		=Example Ltd.
# endif

#if 0 /* It is inconvenient to put the email address in the DN */
    emailAddress		=root@SSL.for.example.com
#endif
#if 0 /* The 'subjectAltName' field should not be part of the DN */
    subjectAltName		=
#endif

#endif

#if 0
  SET-ex3			=SET extension number 3
#endif

[attributes]
  /* Special attributes for a CSR certificate. */

#if (PROMPT)
  challengePassword		=A challenge password for the CA to ask
  challengePassword_min		=4
  challengePassword_max		=20

  unstructuredName		=An optional company name
#else
  unstructuredName		=com.example
#endif