#
# Net-SNMP Certificate Generation and Management Tool Configuration
#

# default mode to non-interactive
# interactive = false

# location of 'tls' directory relative to configuration dir
# tlsDir = ./tls

# encryptCA = false - XXX not-implemented
# encryptCrt = false - XXX not-implemented

# default valid lifetime duration for CA certificates
# caDays = 1825

# default valid lifetime duration for certificates
# crtDays = 365

# default key types generated
# keyType = rsa

# default key size generated
# keySize = 2048

# default type of message digest used
# msgDigest = sha1

# to set individual defaults, a specific identity may be indicated
# on the net-snmp-cert command line: '--identity <id>' or '-i <id>'
# values defined at the global/file level will be used unless
# overriden by values supplied in the specified identity.
 
identity = {
   id = nocadm
   host = net-snmp.org
   cn = Client-identity
   email = admin@net-snmp.org
   org = Net-SNMP Developers
   orgUnit = SNMP-DTLS
   country = US
   state = MA
   locality = Boston

   # 10 years
   caDays = 3654
   # 2 years
   crtDays = 730

   subjectAltName = email:client@net-snmp.org
   subjectAltName = URI:http://net-snmp.org
};

identity = {
   id = CA-identity
   host = net-snmp.org
   cn = CA-identity
   email = ca-admin@net-snmp.org
   org = Net-SNMP Developers
   orgUnit = SNMP-DTLS
   country = US
   state = MA
   locality = Boston

   # 10 years
   caDays = 1000
   # 2 years
   crtDays = 500

   subjectAltName = DNS:test.net-snmp.org
};