Example openssl.cnf for generating TLS certificates for use with etcd
# Global (unnamed) section: values here are visible to every section below.
# OpenSSL resolves $ENV::NAME from the process environment first, falling back
# to a variable of that name defined here, so HOME = . is the fallback used
# when $HOME is unset (presumably; confirm against config(5) for the target release).
HOME = .
# PRNG seed file. NOTE(review): OpenSSL 1.1.1 and later ignore RANDFILE in the
# config; it is harmless but does nothing on current releases.
RANDFILE = $ENV::HOME/.rnd
# Section of extra OIDs registered before the rest of the file is parsed.
oid_section = new_oids
[ new_oids ]
# Sample time-stamping policy OIDs; none of the sections in this file reference
# them, so they appear to be carried over from the stock openssl.cnf and could
# be removed without affecting certificate generation.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
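[ ca ]
# `openssl ca` looks up default_ca here to find its settings section; without
# it the [ CA_default ] section below is never consulted and `openssl ca`
# aborts with a variable-lookup error.
default_ca = CA_default
[ CA_default ]
# NOTE(review): this section has no dir / new_certs_dir / database / serial /
# private_key / certificate / default_md / default_days entries, so `openssl ca`
# cannot run with it as-is. The extension sections further down are presumably
# used via `openssl x509 -req -extfile <this file> -extensions <section>`
# instead; fill the entries above in before relying on `openssl ca`.
# Copy X.509 extensions from the CSR into the issued certificate. Extensions
# already set by the chosen -extensions section take precedence, so this is only
# safe together with a section that pins basicConstraints (every end-entity
# section in this file sets CA:FALSE); otherwise a requester could ask for a
# CA certificate in the CSR and be granted one.
copy_extensions = copy
# Subject DN policy applied by `openssl ca`; see [ policy_match ].
policy = policy_match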
[ policy_match ]
# DN policy for `openssl ca`: "match" fields must equal the CA certificate's
# value, "supplied" must be present in the CSR, "optional" may be absent.
# Entry order is significant: the issued certificate's subject DN is assembled
# in this order.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
# Permissive DN policy: only commonName is required. Not selected by
# [ CA_default ] (which uses policy_match); usable via `openssl ca -policy`.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# NOTE(review): subjectAltName is an X.509 extension, not a subject DN
# attribute, so this entry has no effect in a policy section; SANs are set by
# the $ENV::SAN extension entries below.
subjectAltName = optional
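[ req ]
# RSA key size generated by `openssl req -newkey`. The original 1024 bits is
# below the 2048-bit minimum generally required for TLS today.
default_bits = 2048
# Signature digest for requests and self-signed certificates. Older OpenSSL
# releases default to SHA-1 here, which is no longer accepted for certificate
# signatures by current verifiers.
default_md = sha256
# Where the generated private key is written when -keyout is not given.
default_keyfile = privkey.pem
# Prompt definitions for the subject DN and CSR attributes.
distinguished_name = req_distinguished_name
attributes = req_attributes
# Encode DN strings as UTF8String instead of the legacy T61/BMP encodings.
string_mask = utf8only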
[ req_distinguished_name ]
# Subject DN prompts for `openssl req`. Keys are prompted in the order listed;
# <field>_default supplies the value offered at the prompt, <field>_min and
# <field>_max bound the accepted length.
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Texas
localityName = Locality Name (eg, city)
localityName_default = San Antonio
# The numeric prefix lets the same attribute appear more than once in a DN.
0.organizationName = Organization Name (eg, company)
0.organizationName_default = YourCompany
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Strategic NetOps
# NOTE(review): modern TLS clients (including Go's, which etcd uses) do not
# match hostnames or IPs against the CN; the address must also appear in the
# subjectAltName, which this file takes from $ENV::SAN in the extension sections.
commonName = Common Name (IP address of the node)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = marek.skrobacki@example.com
emailAddress_max = 64
[ req_attributes ]
# CSR attribute prompts (PKCS#10 attributes, not DN fields). Both are optional
# legacy attributes; a challenge password is stored in the CSR in the clear and
# is not used by the signing sections in this file.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# Generic end-entity extensions. basicConstraints is pinned to CA:FALSE so a
# CSR cannot obtain a CA certificate through copy_extensions; the key
# identifiers link the certificate to the issuing key for chain building.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
# Netscape comment extension; informational only (quotes are stripped by OpenSSL).
nsComment = "OpenSSL Generated Certificate"
[ v3_req ]
# Extensions for certificate requests / `-extensions v3_req`. basicConstraints
# is pinned to CA:FALSE; keyUsage covers RSA TLS handshakes.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# SAN is taken from the SAN environment variable (e.g. "IP:10.0.0.1,DNS:node1").
# NOTE(review): OpenSSL appears to resolve $ENV:: references while loading the
# config, so every invocation using this file likely needs SAN set — confirm.
subjectAltName = $ENV::SAN
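[ ssl_client ]
# End-entity extensions for etcd node certificates. Both EKUs are listed so the
# same certificate can be presented as a server (client/peer connections in)
# and as a client (peer connections out).
extendedKeyUsage = clientAuth,serverAuth
# Added: without keyUsage the certificate is unrestricted; digitalSignature and
# keyEncipherment are what an RSA TLS end-entity certificate needs.
keyUsage = digitalSignature, keyEncipherment
# Pinned so copy_extensions cannot turn a CSR into a CA certificate.
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer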
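[ v3_ca ]
# Extensions for the self-signed CA certificate (`openssl req -x509 -extensions v3_ca`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# RFC 5280 requires basicConstraints to be critical in CA certificates.
basicConstraints = critical, CA:true
# Added: restrict the CA key to signing certificates and CRLs.
keyUsage = critical, keyCertSign, cRLSign
# Removed: extendedKeyUsage = clientAuth. Go's certificate verifier (used by
# etcd) requires every CA in the chain to permit the leaf's EKU, so a CA
# limited to clientAuth fails to validate serverAuth certificates issued from
# it. Omitting EKU on the CA permits any usage the leaf declares.
# A SAN on a CA certificate is not used by verifiers; it is kept only because
# this file sources SAN from the environment for every extension section.
subjectAltName = $ENV::SAN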
[ crl_ext ]
# Extensions added to CRLs by `openssl ca -gencrl`; only the issuer key
# identifier, which lets relying parties match the CRL to the CA certificate.
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# RFC 3820 proxy-certificate extensions. Nothing else in this file references
# this section and the policy value is a placeholder ("foo"), so it appears to
# be the stock openssl.cnf sample and is not needed for etcd TLS certificates.
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo