####################################################################
#                 Sample OpenSSL configuration file                #
####################################################################

RANDFILE		= C:\\dolibarr\\tmp\\.rnd

[ ca ]
default_ca	  = CA_default		# The default ca section

[ CA_default ]
dir           = C:\\dolibarr
certs         = $dir\\certs             # Where the issued certs are kept
crl_dir       = $dir\\crl               # Where the issued crl are kept
database      = $dir\\tmp\\index.txt         # database index file.
new_certs_dir = $dir\\tmp               # default place for new certs.
certificate	  = $dir\\ca_demo_dolibarr.crt       # The CA certificate
serial        = $dir\\tmp\\serial            # The current serial number
crl           = $dir\\crl.pem           # The current CRL
private_key   = $dir\\ca_demo_dolibarr.key      # The CA private key
RANDFILE      = $dir\\tmp\\.rand             # private random number file

x509_extensions  = usr_cert   # The extentions to add to the cert
default_days     = 7300       # how long to certify for
default_crl_days = 30         # how long before next CRL
default_md       = md5        # which md to use.
preserve         = no         # keep passed DN ordering
policy	         = policy_anything

####################################################################

[ policy_anything ]
countryName              = optional
stateOrProvinceName      = optional
localityName             = optional
organizationName         = optional
organizationalUnitName   = optional
commonName               = supplied
emailAddress             = optional

####################################################################
[ req ]
default_bits         = 1024
default_keyfile      = myserver.key
distinguished_name   = req_distinguished_name
attributes           = req_attributes
x509_extensions      = v3_ca	# The extentions to add to the self signed cert
string_mask          = nombstr

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = 
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Some-State
localityName                    = Locality Name (eg, city)
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = MyCompany
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Web administrators
commonName                      = Common Name (eg, YOUR name)
commonName_default              = Webmaster
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_max                = 40

[ req_attributes ]
challengePassword      = A challenge password
challengePassword_min  = 4
challengePassword_max  = 20
unstructuredName       = An optional company name

[ usr_cert ]
basicConstraints       = CA:FALSE
nsComment              = "OpenSSL Generated Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer:always

[ v3_req ]
basicConstraints       = CA:FALSE
keyUsage               = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints       = CA:true

[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always