# This definition stops the following lines choking if HOME isn't
# defined.
HOME			= .
RANDFILE		= $ENV::HOME/.rnd

##################################################################################
###################################################################################
# REQ CONFIGURATION DIRECTIVES
# The directives below are used by the openSSL req command.
# This command creates and processes certificate requests in PKCS#10
# (Public Key Cryptography Standard no. 10) format. This section is
# also used for creating self signed certificates for use as root CA
# certificates etc.
###################################################################################
###################################################################################



########################################################################

[ req ]


# default bits to use when -new option is used
default_bits		= 1024 


# default md to use
default_md 		= sha1 


# distinguished_name: Specifies the name of another section in the cnf
# file that defines the prompts used when asking the user for information
# needed to generate a certificate (request?). The referenced section
# also gives default values (if none are entered) and constraints on
# allowed values.

distinguished_name	= req_distinguished_name

# According to a discussion in EUgriPMA list, PrintableStrings appear
# to be a safe option (nombstr)
# This sets a mask for permitted string types. There are several options. 
# default: PrintableString, T61String, BMPString.
# pkix	 : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: some versions of Netscape crash on BMPStrings or UTF8Strings
string_mask = nombstr


# req_extensions: Specifies the name of another section in the cnf
# file that contains a list of extensions to add to a certificate
# request

req_extensions = v3_req



########################################################################
# This section defines the prompts when asking the user for information
# needed to generate a certificate. It also gives default values (if
# the user does not enter any) and puts  constraints on allowed values.

# Note: if a set of related attributes includes one with a _default
# suffix, then if the user enters no value for the attribute, the
# default value will be used (he can leave empty by entering '.').


[ req_distinguished_name ]


# The C component of the DN
# ISO 3166 two-letter country code

countryName			= Country Name (2 letter code)
countryName_default		= CY 
countryName_min			= 2
countryName_max			= 2


# The first O component of the DN (Organization Name) 

0.organizationName		= National Grid Initiative name
0.organizationName_default	= CyGrid


# The second O component of the DN (Second Organization Name) 

1.organizationName		= Organization Name (company/institute name)
#1.organizationName_default	= HPCL


commonName			= FQDN (i.e.domain name)
commonName_max			= 64


###################################################################################

[ v3_req ]


# Extensions to add to a certificate request, see [ req ] for explanations

basicConstraints=critical,CA:FALSE

keyUsage=critical, digitalSignature, keyEncipherment, dataEncipherment