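# CACAnet Fukuoka 2002/06/11
# CA certificate configuration file (OpenSSL configuration syntax).
# Used both to create the CA certificate ([ req ]) and to sign
# certificates and CRLs with it ([ ca ] / [ CA_default ]).
################################################################

HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids

[ new_oids ]
# OID layout:
#   0.2.440.200092.<certificate/CRL profile>.<CA id>.<RAA id>.<data type>
# Classification:
#   certificate/CRL profile object (0 = certificate/CRL profile)
#   CA id    (0 = CACAnet Class A CA)
#   RAA id   (0 = CACAnet Fukuoka; later values are serial numbers)
#   data type (CPS = 0, CRL = 1)
# NOTE(review): the two OIDs defined below use CA id 1, which the list
# above does not describe -- presumably the Test A CA; confirm.
policyConstraints=2.5.29.36
CACAnetOID=0.2.440.200092
CACAnetTestACACPS=${CACAnetOID}.0.1.0.0
CACAnetTestACACRL=${CACAnetOID}.0.1.0.1

[ ca ]
# The default ca section
default_ca = CA_default

[ CA_default ]
# Where everything is kept
dir = /CACAnet/CA/CACAnetTestACA/CACAnetMembersRAA
# Where the issued certs are kept
certs = $dir/certs
# Where the issued crl are kept
crl_dir = $dir/crl
# database index file.
database = $dir/index.txt
# default place for newcerts.
new_certs_dir = $dir/newcerts
# The CA certificate
certificate = $dir/cacert.pem
# The current serial number
serial = $dir/serial
# The current CRL
crl = $dir/crl.pem
# The private key. This is the CA signing key: keep $dir/private readable
# only by the account that operates the CA.
private_key = $dir/private/cakey.pem
# private random number file
RANDFILE = $dir/private/.rand

# The extensions to add to the cert.
# Every certificate signed through this section receives the [ v3_ca ]
# extensions, i.e. it is itself a CA certificate (CA:true, pathlen:2).
# NOTE(review): confirm this section is only ever used to sign
# subordinate CA/RAA requests; an end-entity request signed here would
# also be issued as a CA ([ usr_cert ] below is empty and unused).
x509_extensions = v3_ca

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

# how long to certify for (days)
default_days = 3652
# how long before next CRL (days)
default_crl_days= 1
# Which message digest to use when signing certificates and CRLs.
# Changed from md5: MD5 is not collision resistant and must not be used
# for certificate signatures.
default_md = sha256
# keep passed DN ordering
preserve = no

# Only the fields named in the selected policy section are copied into
# the issued subject; with preserve = no, any other field present in the
# request (countryName, for example) is dropped by "openssl ca".
policy = policy_match

[ policy_match ]
organizationName = optional
organizationalUnitName = optional
commonName = supplied

[ policy_anything ]
organizationName = optional
organizationalUnitName = optional
commonName = supplied

[ req ]
default_bits = 2048
default_keyfile = cakey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
# Extensions applied when this file is used to create the self-signed
# CA certificate.
x509_extensions = v3_ca

[ req_distinguished_name ]
# Prompt corrected: it previously repeated the organization prompt text.
countryName = Country Name (2 letter code)
countryName_default = JP
organizationName = Organization Name (eg, company)
organizationName_default = CACAnet Fukuoka
organizationalUnitName = Organizational Unit Name (eg,section)
organizationalUnitName_default = CA
commonName = CA name
commonName_default = CACAnet Test A CA

[ req_attributes ]

[ usr_cert ]

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# CA certificate; at most two further CA certificates may follow it in a
# chain.
basicConstraints = critical,CA:true,pathlen:2
# Key may only sign CRLs and certificates.
keyUsage = critical,cRLSign, keyCertSign
crlDistributionPoints=URI:"http://www.cacanet.org/CACAnetTestACA/CACAnetTestACA.crl"
certificatePolicies=ia5org,@polsect

[polsect]
# Policy OID is the CACAnetTestACACPS name defined in [ new_oids ].
policyIdentifier =CACAnetTestACACPS
CPS="http://www.cacanet.org/CACAnetTestACA/TestACACPS.html"
userNotice=@notice

[ notice ]
explicitText="This is a certificate for an experiment and is not applicable to practical use."
organization="Citizen's Association for Certification Authority Network Fukuoka"
noticeNumbers=1

[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a
# CRL.
# Not referenced while crl_extensions in [ CA_default ] stays commented out.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always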