--- a/templates/ca Tue Jan 26 23:43:31 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,128 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-#HOME = .
-#RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-#oid_section = new_oids
-
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-[% IF not cadir %]
-[% THROW param "missing ca dir" %]
-[% END %]
-
-dir = [% cadir %]
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-[% IF not cacrt %]
-[% THROW param "missing ca crt" %]
-[% END %]
-
-certificate = [% cacrt %] # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-
-[% IF not cakey %]
-[% THROW param "missing ca key" %]
-[% END %]
-
-private_key = [% cakey %] # The private key
-
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-[% DEFAULT days = 365 %]
-default_days = [% days %] # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-[% DEFAULT policy = de %]
-policy = [% policy %]
-
-# For the CA policy
-[ policy_de ]
-countryName = match
-stateOrProvinceName = supplied
-organizationName = supplied
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-[% IF type %]
-# This is OK for an SSL server.
-nsCertType = [% type %]
-[% END %]
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-nsCaRevocationUrl = https://ssl.schlittermann.de/ca/ca-crl.pem
-nsRevocationUrl = https://ssl.schlittermann.de/ca/crt-crl.pem