/* vim:set nowrap noet ts=8 ft=dosini: */

#include "default.ini"

/*
  We have defaults for all values, but without prompting
  we get an ASN error, so bad news.
*/
#define PROMPT			1

[req]

  default_keyfile		=com.example_CAPrivate_key.pem

  default_bits			=$req_DEFAULT::default_bits
  default_md			=$req_DEFAULT::default_md
  encrypt_key			=$req_DEFAULT::encrypt_key
  utf8				=$req_DEFAULT::utf8

#if (PROMPT)
  prompt			=yes
#else
  prompt			=no
#endif

  req_extensions		=req_extensions_DEFAULT_CA
  x509_extensions		=extensions_DEFAULT_CA

  distinguished_name		=distinguished_name_CA
  attributes			=attributes_CA

#if 0
  input_password		=secret
  output_password		=secret
#endif

  string_mask			=$req_DEFAULT::string_mask

[distinguished_name_CA]

#if (PROMPT)
  countryName			=Country Name (2 letter code)
  countryName_default		=XX
  countryName_min		=2
  countryName_max		=2

  stateOrProvinceName		=State or Province Name (full name)
  stateOrProvinceName_default	=example region

  localityName			=Locality Name (eg, city)
  localityName_default		=example city

  organizationName		=Organization Name (eg, company)
  organizationName_default	=Example Ltd.
  organizationalUnitName	=Organizational Unit Name (eg, section)
  organizationalUnitName_default=CA

  commonName			=Common Name 
  commonName_default		=CA.example.com
  commonName_max		=64

  emailAddress			=Email Address
  emailAddress_default		=keymaster@example.com
  emailAddress_max		=60

#if 0 /* 'subjectAltName' not supported for CA */
  subjectAltName		=Subject Alt Name
  subjectAltName_default	=@subjectAltName_CA
#endif
#else
#if 1
  C				=countryName
  ST				=stateOrProvinceName
  L				=localityName
  O				=organizationName
  OU				=organizationalUnitName
  CN				=Common Name
#else
  countryName			=XX
  stateOrProvinceName		=example region
  localityName			=example city
  organizationName		=Example Ltd.
  organizationalUnitName	=CA
  commonName			=CA.example.com
#endif

  emailAddress			=keymaster@example.com
#if 0 /* 'subjectAltName' not supported for CA */
  subjectAltName		=@subjectAltName_CA
#endif

#if 0
  SET-ex3			=SET extension number 3
#endif
#endif

[attributes_CA]
  /* Special attributes for a CA certificate. */

#if (PROMPT)
  challengePassword		=A challenge password for the CA to ask
  challengePassword_min		=4
  challengePassword_max		=20

  unstructuredName		=An optional company name
#else
  unstructuredName		=com.example
#endif

[subjectAltName_CA]
  URI				=HTTP(WWW.example.com/)
  DNS.0				=Example Ltd.
  DNS.1				=*.example.com
  email.0			=root@example.com
  email.1			=keymaster@example.com
#if 0 /* 'RFC822' not supported for CA */
  RFC822.0			=root@example.com
  RFC822.1			=keymaster@example.com
#endif