# This openssl.conf is used to generate the private key and the certificate used
# for signing and encryption of the SAML communication between the eID-Login
# app/plugin as Service Provider and the Identity Provider.
####################################################################
[ ca ]
    default_ca = ca_eidlogin           # The default ca section

####################################################################
[ ca_eidlogin ]
    default_days     = 730             # How long to certify for
    default_crl_days = 30              # How long before next CRL
    default_md       = sha256          # Use public key default MD
    encrypt_rsa_key  = yes             #encrypt_key
    preserve         = no              # Keep passed DN ordering
    copy_extensions  = copy            # Required to copy SANs from CSR to cert
    x509_extensions  = x509_extensions # The extensions to add to the cert

####################################################################
[ req ]
    default_bits       = 2048
    string_mask        = utf8only
    default_md         = sha256
    distinguished_name = fake_dn
    x509_extensions    = x509_extensions

####################################################################
[ x509_extensions ]
    subjectKeyIdentifier   = hash
    authorityKeyIdentifier = keyid:always, issuer
    basicConstraints       = critical, CA:false
    keyUsage               = digitalSignature, keyEncipherment

# ####################################################################
[ fake_dn ] #empty section