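#
# OpenSSL configuration file.
#
# Template: tokens wrapped in '#' characters (for example the default_days and
# req_distinguished_name values) are presumably replaced by a generator before
# OpenSSL reads this file. OpenSSL treats '#' as the start of a comment, so an
# unsubstituted token leaves that value empty.

# Establish working directory
dir = .

[ ca ]
default_ca = CA_Default

[ CA_Default ]
serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/certs/ca-cert.pem
# CA signing key: keep $dir/private readable by the CA operator only.
private_key = $dir/private/ca-key.pem
# Certificates are signed for default_days days
default_days = #LENGTH#
# Digest used to sign issued certificates. MD5 is collision-broken and
# MD5-signed certificates are rejected by current TLS stacks, so use SHA-256.
default_md = sha256
preserve = no
email_in_dn = no
# NOTE(review): the stock openssl.cnf spells these options name_opt / cert_opt
# with the value ca_default - confirm these two lines are read as intended.
nameopt = default_ca
certopt = default_ca
policy = policy_match
# CAUTION: "copy" copies every extension found in the request into the issued
# certificate unless the CA already sets it. No x509_extensions section is
# configured here, so a request carrying basicConstraints CA:TRUE would be
# issued as a CA certificate. Review each request before signing, or pin
# basicConstraints = CA:FALSE in a CA-side x509_extensions section.
copy_extensions = copy

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Key size in bits
default_bits = 2048
# Name of the generated key (give it on the command line if different)
default_keyfile = newkeys/key.pem
# Digest algorithm (hash) used to sign requests and self-signed certificates;
# SHA-256 replaces the broken MD5.
default_md = sha256
# Allowed characters
string_mask = nombstr
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
# These extensions are only wanted when generating root certificates,
# so that is specified on the command line
x509_extensions = v3_ca

[ req_distinguished_name ]
organizationName = #ORG#
organizationalUnitName = #ORGUNIT#
localityName = #LOCALITY#
stateOrProvinceName = #STATE#
countryName = #COUNTRY#
commonName = #COMMONNAME#

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
subjectAltName = #ALTNAME#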