Initial commit
Change-Id: I6a4444e3c193dae437cd7929f4c39aba7b749efa
diff --git a/contrib/PKI/ca_script2/openssl.cnf b/contrib/PKI/ca_script2/openssl.cnf
new file mode 100644
index 0000000..2202209
--- /dev/null
+++ b/contrib/PKI/ca_script2/openssl.cnf
@@ -0,0 +1,120 @@
+# Note: for this file to be working, an environment var CA_ROOT_DIR = directory
+# must be defined and pointing to the CA top-level directory.
+
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+oid_section = new_oids
+
+[ new_oids ]
+
+
+####################################################################
+[ req ]
+default_bits = 1024
+# default_keyfile = privkey.pem
+string_mask = utf8only
+
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+req_extensions = v3_req # overwrite with -reqexts
+x509_extensions = ca_cert # overwrite with -extensions; used for self-signed keys only
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = JP
+countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Tokyo
+localityName = Locality Name (eg, city)
+localityName_default = Koganei
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = WIDE
+1.organizationName = Second Organization Name (eg, company)
+1.organizationName_default = NICT
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = AAA WG testbed
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 0
+challengePassword_max = 20
+unstructuredName = An optional company name
+
+[ v3_req ]
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_req_ca ]
+# Extensions to add to a certificate request for CA
+basicConstraints = CA:TRUE
+
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+dir = $ENV::CA_ROOT_DIR # Where everything is kept
+certs = $dir/public # Where the issued certs are kept
+crl_dir = $dir/public # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/public # default place for new certs.
+
+certificate = $dir/public/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+crl = $dir/public/local.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+x509_extensions = usr_cert # The extentions to add to the cert
+ # overwrite with -extensions
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+crl_extensions = crl_ext
+
+default_days = 3650 # how long to certify for
+default_crl_days= 365 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# We accept to sign anything, but a real deployment would limit to proper domain etc...
+policy = policy_anything
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ usr_cert ]
+basicConstraints=CA:FALSE
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+[ ca_cert ]
+# Extensions for a typical CA
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true # Remove "critical," in case of problems
+keyUsage = cRLSign, keyCertSign
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+[ crl_ext ]
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+