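#CACAnet Fukuoka 2000/08/19
# CA certificate configuration file
#
# Read by the OpenSSL "ca" and "req" commands. This is OpenSSL conf syntax,
# not generic INI: $var / ${var} expand earlier keys, $ENV::NAME reads the
# environment, @section references another section, and "#" starts a comment
# (also inline, after a value).
################################################################

HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids

[ new_oids ]
# NOTE(review): policyConstraints (2.5.29.36) is also a built-in OpenSSL
# object name; this redefinition is kept from the original file -- confirm the
# OpenSSL version in use accepts it rather than rejecting the duplicate.
policyConstraints = 2.5.29.36
# Private OID arc for CACAnet; everything below hangs off it.
CACAnetOID = 0.2.440.200092
CACAnetClassACACPS = ${CACAnetOID}.1.1.1
CACAnetClassACACRL = ${CACAnetOID}.1.1.1.1
CACAnetClassAMembersRACPS = ${CACAnetOID}.1.1.2
CACAnetClassAServersRACPS = ${CACAnetOID}.1.1.3
# Alternative (LDAP) CRL distribution point, kept for reference:
#URI:"ldap://ldap.cacanet.org/C=JP,O=CACAnet Fukuoka,OU=CA,CN=CACAnet CA CRL"

[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
dir = /CACAnet/CA/CACAnetClassACA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for newcerts.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = v3_ca # The extensions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 3652 # how long to certify for (about ten years)
default_crl_days = 1 # how long before next CRL
# Signature digest. The original value was md5, which is not
# collision-resistant and must not be used to sign certificates or CRLs;
# sha256 is the current baseline.
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_match

[ policy_match ]
organizationName = optional
organizationalUnitName = optional
commonName = supplied

# Identical to policy_match in this file; kept as a separate name so the
# two can diverge later without touching the "policy" key above.
[ policy_anything ]
organizationName = optional
organizationalUnitName = optional
commonName = supplied

[ req ]
default_bits = 2048
default_keyfile = cakey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca

[ req_distinguished_name ]
countryName = Country Name (eg, company)
countryName_default = JP
organizationName = Organization Name (eg, company)
organizationName_default = CACAnet Fukuoka
organizationalUnitName = Organizational Unit Name (eg,section)
organizationalUnitName_default = CA
commonName = CA name
commonName_default = CACAnet Class A CA

# Intentionally empty; referenced by "attributes" in [ req ].
[ req_attributes ]

# Intentionally empty in this file.
[ usr_cert ]

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true,pathlen:2
keyUsage = critical,cRLSign, keyCertSign
crlDistributionPoints = URI:"http://www.cacanet.org/CACAnetClassACA/CACAnetClassACA.crl"
# Raw DER: SEQUENCE { [0] INTEGER 3 }, i.e. requireExplicitPolicy = 3.
policyConstraints = DER:3005A003020103
certificatePolicies = ia5org,@polsect

[polsect]
policyIdentifier = CACAnetClassACACPS
CPS = "http://www.cacanet.org/CACAnetClassACA/ClassACACPS.html"
userNotice = @notice

[ notice ]
explicitText = "This certificate is issued for your PKI as a non-profit public service."
organization = "Citizen's Association for Certification Authority Network Fukuoka"
noticeNumbers = 1

[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a
# CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always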