--- /dev/null
+ HOME = .
+ RANDFILE = $HOME/var/lib/rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # Pour EVSSL
+ trustList = 2.16.840.1.113730.1.900
+ telephoneNumber = 2.5.4.20
+ initials = 2.5.4.43
+ logotype = 1.3.6.1.5.5.7.1.12
+[ req ]
+ prompt = no
+ distinguished_name = root_distinguished_name
+ string_mask = pkix
+[ root_distinguished_name ]
+ commonName = $ENV::x509_host
+ countryName = $ENV::x509_country
+ initials = $ENV::x509_initials
+ 0.organizationName = $ENV::x509_host
+ organizationalUnitName = Anti-autorité de certification primaire
+ postalCode = $ENV::x509_postal_code
+ stateOrProvinceName = $ENV::x509_state_or_province
+ streetAddress = $ENV::x509_street_address
+ telephoneNumber = $ENV::x509_telephone_number
+[ root_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:1
+ keyUsage = keyCertSign,cRLSign
+ subjectAltName = email:contact@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/crl.pem
+ #certificatePolicies = @root_certificate_policies
+ #trustList = ASN1:UTF8String:https://www.$ENV::x509_host/tls/trust.etl
+ #policyConstraints =
+ #extendedKeyUsage =
+ #inhibitAnyPolicy =
+ #nameConstraints =
+ #noCheck =