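# CACAnet Fukuoka
# user certificate configuration file
# Last modified by YAMAMURA Tomohiro (2002/06/15)
#
# OpenSSL configuration file: [ ca ] and [ CA_default ] drive certificate
# issuance, [ req ] drives request generation, and [ v3_user ] lists the
# extensions placed in issued user certificates.
################################################################

HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids

[ new_oids ]
# OID layout:
#   0.2.440.200092.<certificate and CRL profile>.<CA id>.<RAA id>.<data type>
# Classification:
#   certificate and CRL profile object (0 = certificate/CRL profile)
#   CA id (0 = CACAnet Class A CA)
#   RAA (0 = CACAnet Fukuoka; later values are serial numbers)
#   data type (CPS = 0, CRL = 1)
CACAnetOID = 0.2.440.200092

# 2002/06/15
# CA id: CACAnet Development CA = 2
CACAnetDevelopmentCACPS = ${CACAnetOID}.0.2.0.0
CACAnetDevelopmentCACRL = ${CACAnetOID}.0.2.0.1

# 2002/02/10 RAA id of the CACAnet Fukuoka Members RAA = 1
CACAnetDevelopmentMembersRAACPS = ${CACAnetOID}.0.2.1.0
CACAnetDevelopmentMembersRAACRL = ${CACAnetOID}.0.2.1.1

[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
dir = /CACAnet/CA/CACAnetDevelopmentCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
# The index file name is built from the RAA_NAME environment variable, so
# RAA_NAME must be set before this file is loaded. Because the value becomes
# part of a path under the CA directory, it should come only from the CA
# operator's own environment.
database = $dir/indexes/$ENV::RAA_NAME.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
# Keep $dir/private readable by the CA operator account only.
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file

x509_extensions = v3_user # The extensions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 365 # how long to certify for
default_crl_days = 1 # how long before next CRL
# Was sha1. SHA-1 is no longer collision resistant and current clients reject
# it for certificate signatures. sha256 needs an OpenSSL build that provides
# the SHA-2 digests.
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering

policy = policy_match

# NOTE(review): despite its name this policy matches nothing against the CA
# subject. countryName, organizationName and organizationalUnitName are
# optional, so whatever the request carries in those fields is copied into
# the certificate. Use "match" for fields that must equal the CA's value, and
# have the RA check the remaining fields before signing.
[ policy_match ]
countryName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = supplied

[ policy_anything ]
countryName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = supplied

[ req ]
# Was 1024. 1024-bit RSA keys are below currently accepted minimum sizes.
default_bits = 2048
# NOTE(review): this is the same file name as the CA key under $dir/private;
# a distinct default name for user keys would avoid mixing the two up.
default_keyfile = cakey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_user

[ req_distinguished_name ]
countryName = Country name
countryName_default = JP

0.organizationName = Organization Name
0.organizationName_default = CACAnet Fukuoka

1.organizationName = RAA Name (eg, company)
1.organizationName_default = CACAnet Members RAA

0.organizationalUnitName = Organizational Unit Name (eg, section)
0.organizationalUnitName_default = RAA

1.organizationalUnitName = RA serial
1.organizationalUnitName_default = 0

2.organizationalUnitName = Entity Type
2.organizationalUnitName_default = person

commonName = User Name
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 64

[ req_attributes ]

[ usr_cert ]

[ v3_user ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# Was commented out. Stating CA:false explicitly marks every user certificate
# as an end entity, so a relying party that mishandles a missing
# basicConstraints extension cannot accept it as an issuer.
basicConstraints = critical,CA:false
# NOTE(review): every user certificate receives all of these key usages and
# extended key usages. codeSigning and timeStamping are normally issued only
# to dedicated signing or time-stamping certificates; consider separate
# extension sections per certificate purpose.
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,keyAgreement,dataEncipherment
extendedKeyUsage = clientAuth,codeSigning,emailProtection,timeStamping
subjectAltName = email:copy
# Per-RAA split: the CRL URI takes the form
# "http://www.cacanet.org/CACAnetDevelopmentCA/<RAA name>.crl"
crlDistributionPoints = URI:"http://www.cacanet.org/CACAnetDevelopmentCA/CACAnetMembersRAA.crl"
certificatePolicies = ia5org,@polsect1,@polsect2

[polsect1]
# Policy of the CACAnet Development CA
policyIdentifier = CACAnetDevelopmentCACPS
# CPS of the CACAnet Development CA
CPS = "http://www.cacanet.org/CACAnetDevelopmentCA/CACAnetDevelopmentCACPS.html"
userNotice = @notice1

[ notice1 ]
explicitText = "This is a certificate for an experiment and is not applicable to practical use."
organization = "Citizen's Association for Certification Authority Network Fukuoka"
noticeNumbers = 1

[polsect2]
# Policy of the CACAnet Members RAA
# NOTE(review): the flattened source shows a "#" directly before this key, so
# it may have been commented out. It is kept active because a policy section
# referenced from certificatePolicies needs a policyIdentifier.
policyIdentifier = CACAnetDevelopmentMembersRAACPS
# Per-RAA split
CPS = "http://www.cacanet.org/CACAnetDevelopmentCA/CACAnetDevelopmentMembersRAACPS.html"
userNotice = @notice2

[ notice2 ]
explicitText = "This is a certificate for an experiment and is not applicable to practical use."
organization = "Citizen's Association for Certification Authority Network Fukuoka"
noticeNumbers = 1

#[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a
# CRL.
# issuerAltName=issuer:copy
#authorityKeyIdentifier=keyid:always,issuer:always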