# $Id$
#
# Config file for myrpki.py; note that this is also read by the OpenSSL
# command line tool running under myrpki.py, so syntax must remain
# OpenSSL-compatible and portions of this are OpenSSL voodoo.
#
# Layout: the [myrpki], [constants] and [myirbe] sections hold settings for
# the Python tooling; the remaining sections are ordinary OpenSSL "req" and
# "ca" configuration. OpenSSL expands ${section::name} and $name references
# while parsing, so a referenced value has to appear earlier in the file than
# its first use. Do not reorder sections without checking that.

# Settings for the Python script. Nothing in the [req] or [ca] sections below
# refers to these keys. Their exact meaning is defined by the script, which is
# not visible from this file.
[myrpki]
handle = wombat
roa_csv = roas.csv
children_csv = children.csv
parents_csv = parents.csv
prefix_csv = prefixes.csv
asn_csv = asns.csv
xml_filename = myrpki.xml
bpki_directory = bpki.myrpki

# Shared cryptographic parameters, pulled into [req] and [ca] below through
# ${constants::...} so that each value is set in exactly one place.
[constants]
digest = sha256
key_length = 2048
cert_days = 365
# Feeds default_crl_days in [ca]: each CRL is issued with nextUpdate this many
# days ahead. NOTE(review): a relying party that caches a CRL until nextUpdate
# could miss a revocation for up to that long; confirm that CRLs are
# regenerated and redistributed far more often than this interval.
crl_days = 365

# Further settings for the Python tooling; the [req] and [ca] sections do not
# reference them. Presumably one BPKI directory per daemon - confirm against
# the consuming script.
[myirbe]
irdbd_conf = irdbd.conf
rpkid_ca_directory = bpki.rpkid
pubd_ca_directory = bpki.pubd
rootd_ca_directory = bpki.rootd

# Defaults for "openssl req" (key and certificate request generation).
[req]
default_bits = ${constants::key_length}
default_md = ${constants::digest}
distinguished_name = req_dn
# Non-interactive: the subject name is taken verbatim from [req_dn].
prompt = no
# Private keys created by "openssl req" are written without passphrase
# encryption, so file-system permissions are their only protection.
# NOTE(review): confirm the BPKI directories are readable only by the account
# that runs these tools.
encrypt_key = no

# Subject used for generated requests. [ca_dn_policy] requires commonName, so
# this placeholder provides one.
[req_dn]
CN = Dummy name for certificate request

# Extension profiles. Which one is applied to a given certificate is chosen by
# the caller and is not visible in this file. None of the four profiles sets
# keyUsage - NOTE(review): confirm that this is intentional.

# End-entity profile: no basicConstraints, so the certificate is not marked as
# a CA.
[ca_x509_ext_ee]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

# Cross-certificate profile with pathlen:0: the subject is a CA, but no further
# intermediate CA certificate may follow it in a chain.
[ca_x509_ext_xcert0]
basicConstraints = critical,CA:true,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

# Cross-certificate profile with pathlen:1: at most one further intermediate CA
# certificate may follow the subject in a chain.
[ca_x509_ext_xcert1]
basicConstraints = critical,CA:true,pathlen:1
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

# CA profile without a path length limit. This is the least restricted profile
# in the file; prefer one of the pathlen-limited profiles where it suffices.
[ca_x509_ext_ca]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

# Settings for "openssl ca". default_ca names the section that holds the CA
# settings, which here is this same section.
[ca]
default_ca = ca
# The CA working directory comes from the environment. OpenSSL reports an
# error while loading this file if BPKI_DIRECTORY is not set, so the caller
# must export it before invoking any openssl command with this config.
dir = ${ENV::BPKI_DIRECTORY}
new_certs_dir = $dir
database = $dir/index
certificate = $dir/ca.cer
# CA signing key. NOTE(review): whether this key file is passphrase-protected
# cannot be determined from this file; treat $dir as sensitive.
private_key = $dir/ca.key
default_days = ${constants::cert_days}
default_crl_days = ${constants::crl_days}
default_md = ${constants::digest}
policy = ca_dn_policy
# Allows several valid certificates with the same subject name in the CA
# database, for example while an old and a renewed certificate overlap.
unique_subject = no
serial = $dir/serial
crlnumber = $dir/crl_number

# Subject-name policy applied by "openssl ca" to incoming requests: commonName
# must be present in the request, every other listed attribute may be present
# or absent. No attribute is required to match the CA's own subject.
[ca_dn_policy]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
givenName = optional
surname = optional