# $Id$
#
# Generate test root resource certificate for use with testroot.py server.

[ ca ]
default_ca		= ca_default

[ ca_default ]
certificate		= testroot.cer
serial			= testroot.serial
private_key		= testroot.key
database		= testroot.index
new_certs_dir		= /tmp
name_opt		= ca_default
cert_opt		= ca_default
default_days		= 365
default_crl_days	= 30
default_md		= sha256
preserve		= no
copy_extensions		= copy
policy			= ca_policy_anything
unique_subject		= no
x509_extensions		= ca_x509_ext
crl_extensions		= crl_x509_ext

[ ca_policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional
givenName		= optional
surname			= optional

[ req ]
default_bits		= 2048
encrypt_key		= no
distinguished_name	= req_dn
req_extensions		= req_x509_ext
prompt			= no

[ req_dn ]
CN			= testroot

[ req_x509_ext ]
basicConstraints	= critical,CA:true
subjectKeyIdentifier	= hash
keyUsage		= critical,keyCertSign,cRLSign
subjectInfoAccess	= 1.3.6.1.5.5.7.48.5;URI:rsync://wombat.invalid/
sbgp-autonomousSysNum	= critical,@asid_ext
sbgp-ipAddrBlock	= critical,@addr_ext

[ ca_x509_ext ]
basicConstraints	= critical,CA:true
keyUsage		= critical,keyCertSign,cRLSign
subjectInfoAccess	= 1.3.6.1.5.5.7.48.5;URI:rsync://wombat.invalid/
sbgp-autonomousSysNum	= critical,@asid_ext
sbgp-ipAddrBlock	= critical,@addr_ext

[ crl_x509_ext ]
authorityKeyIdentifier	= keyid:always

[ asid_ext ] 

AS.0			= 64533
AS.1			= 64534-64540
AS.2			= 64544

[ addr_ext ]

IPv4.0			= 10.0.0.0/24
IPv4.1			= 10.3.0.0/24
IPv4.2			= 192.0.2.1-192.0.2.33
IPv4.3			= 192.0.2.44-192.0.2.100

IPv6.0			= 2001:db8::44-2001:db8::100
IPv6.1			= 2001:db8::a00:0/120
IPv6.2			= 2001:db8::a03:0/120
IPv6.3			= 2001:db8::10:0:44/128