# X.509 Certificate options

#

# DN options

# The organization of the subject.

organization = "Koko inc."

# The organizational unit of the subject.

unit = "sleeping dept."

# The locality of the subject.

# locality =

# The state of the certificate owner.

state = "Attiki"

# The country of the subject. Two letter code.

country = GR

# The common name of the certificate owner.

cn = "Cindy Lauper"

# A user id of the certificate owner.

#uid = "clauper"

# Set domain components

#dc = "name"

#dc = "domain"

# If the supported DN OIDs are not adequate you can set

# any OID here.

# For example set the X.520 Title and the X.520 Pseudonym

# by using OID and string pairs.

#dn_oid = 2.5.4.12 Dr. 

#dn_oid = 2.5.4.65 jackal

# This is deprecated and should not be used in new

# certificates.

# pkcs9_email = "none@@none.org"

# An alternative way to set the certificate's distinguished name directly

# is with the "dn" option. The attribute names allowed are:

# C (country), street, O (organization), OU (unit), title, CN (common name),

# L (locality), ST (state), placeOfBirth, gender, countryOfCitizenship, 

# countryOfResidence, serialNumber, telephoneNumber, surName, initials, 

# generationQualifier, givenName, pseudonym, dnQualifier, postalCode, name, 

# businessCategory, DC, UID, jurisdictionOfIncorporationLocalityName, 

# jurisdictionOfIncorporationStateOrProvinceName,

# jurisdictionOfIncorporationCountryName, XmppAddr, and numeric OIDs.

#dn = "cn = Nikos,st = New\, Something,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias"

# The serial number of the certificate

# Comment the field for a time-based serial number.

serial = 007

# In how many days, counting from today, this certificate will expire.

# Use -1 if there is no expiration date.

expiration_days = 700

# Alternatively you may set concrete dates and time. The GNU date string 

# formats are accepted. See:

# https://www.gnu.org/software/tar/manual/html_node/Date-input-formats.html

#activation_date = "2004-02-29 16:21:42"

#expiration_date = "2025-02-29 16:24:41"

# X.509 v3 extensions

# A dnsname in case of a WWW server.

#dns_name = "www.none.org"

#dns_name = "www.morethanone.org"

# A subject alternative name URI

#uri = "https://www.example.com"

# An IP address in case of a server.

#ip_address = "192.168.1.1"

# An email in case of a person

email = "none@@none.org"

# Challenge password used in certificate requests

challenge_password = 123456

# Password when encrypting a private key

#password = secret

# An URL that has CRLs (certificate revocation lists)

# available. Needed in CA certificates.

#crl_dist_points = "https://www.getcrl.crl/getcrl/"

# Whether this is a CA certificate or not

#ca

# for microsoft smart card logon

# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2

### Other predefined key purpose OIDs

# Whether this certificate will be used for a TLS client

#tls_www_client

# Whether this certificate will be used for a TLS server

#tls_www_server

# Whether this certificate will be used to sign data (needed

# in TLS DHE ciphersuites).

signing_key

# Whether this certificate will be used to encrypt data (needed

# in TLS RSA ciphersuites). Note that it is preferred to use different

# keys for encryption and signing.

encryption_key

# Whether this key will be used to sign other certificates.

#cert_signing_key

# Whether this key will be used to sign CRLs.

#crl_signing_key

# Whether this key will be used to sign code.

#code_signing_key

# Whether this key will be used to sign OCSP data.

#ocsp_signing_key

# Whether this key will be used for time stamping.

#time_stamping_key

# Whether this key will be used for IPsec IKE operations.

#ipsec_ike_key

### end of key purpose OIDs

# When generating a certificate from a certificate

# request, then honor the extensions stored in the request

# and store them in the real certificate.

#honor_crq_extensions

# Path length constraint. Sets the maximum number of

# certificates that can be used to certify this certificate.

# (i.e. the certificate chain length)

#path_len = -1

#path_len = 2

# OCSP URI

# ocsp_uri = https://my.ocsp.server/ocsp

# CA issuers URI

# ca_issuers_uri = https://my.ca.issuer

# Certificate policies

#policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0

#policy1_txt = "This is a long policy to summarize"

#policy1_url = https://www.example.com/a-policy-to-read

#policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1

#policy2_txt = "This is a short policy"

#policy2_url = https://www.example.com/another-policy-to-read

# Name constraints

# DNS

#nc_permit_dns = example.com

#nc_exclude_dns = test.example.com

# EMAIL

#nc_permit_email = "nmav@@ex.net"

# Exclude subdomains of example.com

#nc_exclude_email = .example.com

# Exclude all e-mail addresses of example.com

#nc_exclude_email = example.com

# Options for proxy certificates

#proxy_policy_language = 1.3.6.1.5.5.7.21.1

# Options for generating a CRL

# The number of days the next CRL update will be due.

# next CRL update will be in 43 days

#crl_next_update = 43

# this is the 5th CRL by this CA

# Comment the field for a time-based number.

#crl_number = 5

# TLS feature extensions (RFC 7633)

# If the status_request TLS extension is set, OCSP stapling becomes mandatory

#tls_feature = 5