# OpenSSL configuration for the "neonca" certificate authority and for the
# certificate requests it signs. It appears to be a test fixture: the
# extension sections below build certificates with deliberately matching and
# non-matching subjectAltName entries.
# Values written as $ENV::NAME or ${ENV::NAME} are read from the environment
# of the openssl process (CADIR, REQDN, STRMASK), so the caller must export
# them before using this file.
# NOTE(review): the SHA-1 digest and the accept-anything policy below suit
# throwaway test certificates only; do not reuse this file for a CA whose
# certificates are trusted outside a test harness.

# Selects the CA section used when `openssl ca` is run without -name.
[ca]
default_ca = neonca

# CA used to sign issued certificates. "dir" has to be assigned first
# because the following values expand $dir.
[neonca]
dir = ${ENV::CADIR}
# text database of issued certificates
database = $dir/index.txt
# issued certificates are written into the CA directory itself
new_certs_dir = $dir
certificate = $dir/cert.pem
serial = $dir/serial
# CA signing key; it lives in the same directory as the database and the
# issued certificates, so that directory should not be world-readable
private_key = $dir/key.pem
# every subject field is optional, see [policy_any]
policy = policy_any
# NOTE(review): SHA-1 is deprecated for certificate signatures (practical
# collisions exist) and recent TLS stacks may refuse SHA-1-signed
# certificates at their default security level. Consider sha256 unless a
# test depends on SHA-1.
default_md = sha1
# issued certificates get [issuedExt], i.e. basicConstraints CA:false
x509_extensions = issuedExt
# allow several certificates with the same subject DN
unique_subject = no
# NOTE(review): default_bits is documented as a [req] option; presumably it
# has no effect in a ca section - confirm.
default_bits = 2048

# Same as [neonca] (the original comment calls it "neonca1"), plus
# basicConstraints and without the "certificate" key, to allow creation of
# the initial self-signed certificate.
# NOTE(review): basicConstraints is set here as a key of the CA section while
# x509_extensions still names [issuedExt] (CA:false). Confirm that the
# self-signed certificate really ends up with CA:TRUE, for example because
# the caller selects [caExt] on the command line.
[neoncainit]
dir = ${ENV::CADIR}
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
private_key = $dir/key.pem
policy = policy_any
# NOTE(review): SHA-1 again, see [neonca]
default_md = sha1
x509_extensions = issuedExt
unique_subject = no
basicConstraints = CA:TRUE
default_bits = 2048

# Signing policy: every DN field is optional, so the CA signs a request with
# any subject, including one without a commonName. That is needed for the
# reqDN.missingCN and reqDN.justEmail cases below and is unsuitable for a
# CA that is meant to vet what it signs.
[policy_any]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

# Settings for `openssl req`.
[req]
# name of the DN prompt section to use, chosen by the caller through REQDN
# (presumably one of the reqDN* sections at the end of this file)
distinguished_name = $ENV::REQDN
# extensions for self-signed certificates created with `openssl req -x509`
x509_extensions = caExt
# string type mask for DN fields, chosen by the caller through STRMASK
string_mask = $ENV::STRMASK
default_bits = 2048

# Extensions for a CA certificate.
[caExt]
basicConstraints = CA:true

# Extensions for an issued (end-entity) certificate.
[issuedExt]
basicConstraints = CA:false

# subjectAltName extension sections
[altExt1]
subjectAltName = DNS:localhost

# 2+3: AltNames with multiple entries to test the matching logic
[altExt2]
subjectAltName = DNS:nohost.example.com, DNS:localhost

[altExt3]
subjectAltName = DNS:localhost, DNS:nohost.example.com

# an AltName with no DNS entries; should use commonName instead for
# identity check
[altExt4]
subjectAltName = email:neon@webdav.org

# an AltName with IP address
[altExt5]
subjectAltName = IP:127.0.0.1

# an AltName with a bad IP address
# ("bad" presumably means an address the test server is not reached on)
[altExt6]
subjectAltName = IP:1.2.3.4

# an AltName with a good URI
[altExt7]
subjectAltName = URI:https://localhost:7777/

# an AltName with a bad URI
[altExt8]
subjectAltName = URI:http://nohost.example.com/

# AltName with wildcard
[altExt9]
subjectAltName = DNS:*.example.com

# DN prompt sections: the value of each key is the prompt text shown for
# that field, not the field's content.
[reqDN]
countryName = Country Name
stateOrProvinceName = State or Province Name
localityName = Locality Name
organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
# the backslash keeps the apostrophe from opening a quoted string in
# OpenSSL's config syntax
commonName = Common Name (eg, your name or your server\'s hostname)
emailAddress = Email Address

# a DN which gives two commonName attributes.
# The "0." and "1." prefixes let the same field name appear twice.
[reqDN.doubleCN]
countryName = Country Name
stateOrProvinceName = State or Province Name
localityName = Locality Name
organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
0.commonName = Common Name
1.commonName = Common Name
emailAddress = Email Address

# a DN which gives two organizationalUnitName attributes
[reqDN.twoOU]
countryName = Country Name
stateOrProvinceName = State or Province Name
localityName = Locality Name
organizationName = Organization Name
0.organizationalUnitName = Organizational Unit Name
1.organizationalUnitName = Organizational Unit Name
commonName = Common Name (eg, your name or your server\'s hostname)
emailAddress = Email Address

# a DN consisting of a commonName only
[reqDN.CNfirst]
commonName = Common Name

# a DN with no commonName at all
[reqDN.missingCN]
countryName = CountryName

# a DN with only an emailAddress
# NOTE(review): the prompt text reads "CountryName" although the field is
# emailAddress; it is only a label, but looks like a copy-paste slip.
[reqDN.justEmail]
emailAddress = CountryName