+++ /dev/null
-HOME = .
-RANDFILE = /var/tmp/.rnd
-oid_section = new_oids
-
-[ new_oids ]
-
-[ ca ]
-default_ca = IPFire
-
-[ IPFire ]
-dir = /var/ipfire
-certs = $dir/certs
-crl_dir = $dir/crls
-database = $dir/certs/index.txt
-new_certs_dir = $dir/certs
-certificate = $dir/ca/cacert.pem
-serial = $dir/certs/serial
-crl = $dir/crls/cacrl.pem
-private_key = $dir/private/cakey.pem
-RANDFILE = $dir/tmp/.rand
-x509_extensions = usr_cert
-default_days = 999999
-default_crl_days= 30
-default_md = md5
-preserve = no
-policy = policy_match
-email_in_dn = no
-
-[ policy_match ]
-countryName = optional
-stateOrProvinceName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca
-string_mask = nombstr
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = DE
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default =
-
-localityName = Locality Name (eg, city)
-#localityName_default =
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = IPFire
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s hostname)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 40
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-unstructuredName = An optional company name
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
-
-[ crl_ext ]
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ engine ]
-default = openssl