tls-openssl.conf
# OpenSSL configuration for the test CA defined in the testca section below.
# Default-section variable; nothing else in this file refers to $HOME.
HOME = .
# RANDFILE = .rnd
# Extra OBJECT IDENTIFIER info:
# oid_section names the section that registers additional OIDs.
oid_section = new_oids
[ new_oids ]
# Amateur radio callsign OID used by LotW
# Registers the short name callSign, which the policy_client and
# req_distinguished_name sections use as a subject field name.
callSign = 1.3.6.1.4.1.12348.1.1
[ ca ]
# CA section that `openssl ca` uses when no -name option is given.
default_ca = testca
[ testca ]
# State and issuance defaults of the test CA. Every path below is relative
# (dir = ./tls-testca), so the CA commands must be run from the directory
# that contains tls-testca.
# Where everything is kept
dir = ./tls-testca
# Where the issued certs are kept
certs = $dir/certs
# Where the issued crl are kept
crl_dir = $dir/crl
# database index file.
database = $dir/index.txt
# Set to 'no' to allow creation of
# several certificates with same subject.
unique_subject = no
# default place for new certs.
new_certs_dir = $dir/newcerts
# The CA certificate
certificate = $dir/cacert.pem
# The current serial number
serial = $dir/serial
# The private key. Whoever can read this file can issue certificates that
# chain to this CA, so keep $dir/private readable by the CA operator only.
private_key = $dir/private/cakey.pem
# Extension section applied to every certificate this CA issues.
x509_extensions = aprsc_cert
default_md = sha256
# name_opt: Subject Name options; cert_opt: Certificate field options.
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default
cert_opt = ca_default
# NOTE(review): no default_days / default_crl_days is set in this section;
# the validity period presumably comes from the command line (-days) - confirm.
policy = policy_client
[ policy_client ]
# Subject-field policy the CA applies when signing (testca: policy = policy_client).
# Every field is optional, so a request whose subject carries neither a
# callSign nor a commonName is still accepted for signing.
# Subject fields not listed here are dropped from the issued certificate
# unless `openssl ca` is run with -preserveDN.
# NOTE(review): fine for a test CA; if relying parties identify the peer by
# callSign, that field would normally be 'supplied' - confirm intended use.
callSign = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[ req ]
# Defaults for `openssl req`.
# Section that defines the subject fields to prompt for.
distinguished_name = req_distinguished_name
# Key size in bits when `openssl req` generates a new key.
default_bits = 2048
[ req_distinguished_name ]
# Prompt text and maximum length (<field>_max) for each subject field that
# `openssl req` asks for. Only these three fields are prompted; the
# organizationName / organizationalUnitName entries allowed by policy_client
# have no prompt here.
callSign = Callsign
callSign_max = 12
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ aprsc_cert ]
# X.509v3 extensions placed on every certificate issued by testca
# (referenced there as x509_extensions = aprsc_cert).
# End-entity certificate: it cannot be used to sign other certificates.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# One profile for both roles: each issued certificate is valid for TLS
# client authentication and for TLS server authentication.
# NOTE(review): use separate client and server profiles if a client
# certificate must not be accepted as a server certificate - confirm.
extendedKeyUsage = clientAuth,serverAuth