2 RANDFILE = $HOME/var/lib/rand
3 oid_section = extra_oids
6 trustList = 2.16.840.1.113730.1.900
7 telephoneNumber = 2.5.4.20
9 logotype = 1.3.6.1.5.5.7.1.12
12 distinguished_name = root_distinguished_name
14 [ root_distinguished_name ]
15 commonName = $ENV::x509_host
16 countryName = $ENV::x509_country
17 initials = $ENV::x509_initials
18 0.organizationName = $ENV::x509_host
19 organizationalUnitName = Anti-autorité de certification primaire
20 postalCode = $ENV::x509_postal_code
21 stateOrProvinceName = $ENV::x509_state_or_province
22 streetAddress = $ENV::x509_street_address
23 telephoneNumber = $ENV::x509_telephone_number
25 basicConstraints = critical,CA:TRUE,pathlen:1
26 keyUsage = keyCertSign,cRLSign
27 subjectAltName = email:contact@$ENV::x509_host
28 subjectKeyIdentifier = hash
29 issuerAltName = issuer:copy
30 authorityKeyIdentifier = keyid:always,issuer:always
31 authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
32 crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/crl.pem
33 #certificatePolicies = @root_certificate_policies
34 #trustList = ASN1:UTF8String:https://www.$ENV::x509_host/tls/trust.etl