HOME        = .
	RANDFILE    = var/sec/x509/openssl.rand
	oid_section = extra_oids
[ extra_oids ]
	# Pour EVSSL
	trustList       = 2.16.840.1.113730.1.900
	telephoneNumber = 2.5.4.20
	initials        = 2.5.4.43
	logotype        = 1.3.6.1.5.5.7.1.12
[ req ]
	prompt             = no
	distinguished_name = distinguished_name
	string_mask        = pkix
[ distinguished_name ]
	commonName             = $ENV::x509_host
	countryName            = $ENV::x509_country
	initials               = $ENV::x509_initials
	0.organizationName     = $ENV::x509_organization
	organizationalUnitName = Anti-autorité de certification primaire
	postalCode             = $ENV::x509_postal_code
	stateOrProvinceName    = $ENV::x509_state_or_province
	streetAddress          = $ENV::x509_street_address
	telephoneNumber        = $ENV::x509_telephone_number
[ extensions ]
	basicConstraints       = critical,CA:TRUE,pathlen:1
	keyUsage               = keyCertSign,cRLSign
	subjectAltName         = email:contact@$ENV::x509_host
	subjectKeyIdentifier   = hash
	issuerAltName          = issuer:copy
	authorityKeyIdentifier = keyid:always,issuer:always
	authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
	crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
	#certificatePolicies    = @certificate_policies
	#trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
	#policyConstraints      =
	#extendedKeyUsage       =
	#inhibitAnyPolicy       =
	#nameConstraints        =
	#noCheck                =
[ self_signed_extensions ]
	basicConstraints       = critical,CA:TRUE,pathlen:1
	keyUsage               = keyCertSign,cRLSign
	subjectAltName         = email:contact@$ENV::x509_host
	subjectKeyIdentifier   = hash
	issuerAltName          = issuer:copy
	authorityKeyIdentifier = keyid:always,issuer:always
	authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
	crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
[ ca ]
	private_key      = var/sec/x509/$ENV::x509/key.pem
	dir              = var/pub/x509/$ENV::x509
	crl_dir          = $dir
	crlnumber        = $dir/crl.num
	crl              = $dir/crl.pem
	database         = $dir/idx.txt
[ self_signed_ca ]
	private_key      = var/sec/x509/$ENV::x509/key.pem
	dir              = var/pub/x509/$ENV::x509
	crl_dir          = $dir
	crlnumber        = $dir/crl.self-signed.num
	crl              = $dir/crl.self-signed.pem
	database         = $dir/idx.self-signed.txt