HOME     = \\\\WHLBSERV4\\OpenSSL
#RANDFILE = $HOME\\.rnd

[ca]
default_ca = WHLB_CA

[WHLB_CA]
dir              = $HOME\\WHLB_CA
certs            = $dir\\certs
crl_dir          = $dir\\crl
database         = $dir\\index.txt
new_certs_dir    = $dir\\newcerts
certificate      = $certs\\WHLB_CA.cer
serial           = $dir\\serial
crl              = $crl_dir\\WHLB_CA.crl
private_key      = $dir\\private\\WHLB_CA.key
RANDFILE         = $dir\\private\\.rnd
unique_subject   = no
email_in_dn      = yes
policy           = policy_match
x509_extensions  = ca_cert
default_days     = 18250 
default_crl_days = 18250 
default_md       = md5


[ServerCA]
dir              = $HOME\\WHLB_CA
certs            = $dir\\certs
crl_dir          = $dir\\crl
database         = $dir\\index.txt
new_certs_dir    = $dir\\newcerts
certificate      = $certs\\WHLB_CA.cer
serial           = $dir\\serial
#####crl              = $crl_dir\\ServerCA.crl
crl              = $crl_dir\\WHLB_CA.crl
private_key      = $dir\\private\\WHLB_CA.key
RANDFILE         = $dir\\private\\.rnd
unique_subject   = no
email_in_dn      = yes
policy           = policy_match
x509_extensions  = ca_cert
default_days     = 18250 
default_crl_days = 18250 
default_md       = md5
#####copy_extensions  = copy
#####copy_extensions  = none

[policy_match]
countryName            = match
stateOrProvinceName    = optional
organizationName       = optional
organizationalUnitName = supplied
commonName             = supplied
emailAddress           = optional

[policy_anything]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[req]
default_bits       = 2048
default_keyfile    = privkey.pem
distinguished_name = req_distinguished_name
#attributes        = req_attributes
x509_extensions    = v3_ca
req_extensions     = v3_req

[req_distinguished_name]
countryName			= Country Name (2 letter code)
countryName_default		= GB
countryName_min			= 2
countryName_max			= 2
stateOrProvinceName		= State or Province Name (full name)
stateOrProvinceName_default	= West Midlands
localityName			= Locality Name (eg, city)
localityName_default            = Birmingham
0.organizationName		= Organization Name (eg, company)
0.organizationName_default	= WHLB (Certificate Authority)
organizationalUnitName		= Organizational Unit Name (eg, section)
organizationalUnitName_default	=
commonName			= Common Name (eg, YOUR name)
commonName_default		= WHLB (Certificate Authority)
commonName_max			= 64
emailAddress			= Email Address
emailAddress_max		= 64


[v3_ca]
#basicConstraints      = critical, CA:true, pathlen:0
basicConstraints      = CA:true
#nsCertType            = sslCA
#keyUsage              = cRLSign, keyCertSign
#extendedKeyUsage      = serverAuth, clientAuth
nsComment             = "OpenSSL CA Certificate"
crlDistributionPoints = URI:http://whlbserv4.whlb.local/whlb-ca/crl/WHLB_CA.crl,URI:http://remote.latchandbatchelor.co.uk/whlb-ca/crl/WHLB_CA.crl

[v3_req]
basicConstraints      = CA:FALSE
keyUsage              = nonRepudiation, digitalSignature, keyEncipherment
crlDistributionPoints = URI:http://whlbserv4.whlb.local/whlb-ca/crl/WHLB_CA.crl,URI:http://remote.latchandbatchelor.co.uk/whlb-ca/crl/WHLB_CA.crl

[ca_cert]
basicConstraints       = CA:true
nsComment              = "OpenSSL Generated Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer:always
extendedKeyUsage       = serverAuth, clientAuth
crlDistributionPoints = URI:http://whlbserv4.whlb.local/whlb-ca/crl/WHLB_CA.crl,URI:http://remote.latchandbatchelor.co.uk/whlb-ca/crl/WHLB_CA.crl
subjectAltName        = DNS:whlbserv4,DNS:whlbserv4.whlb.local,DNS:remote.latchandbatchelor.co.uk