From f1242ada05f25e2a483af75b07cf4ce8545c1e33 Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jan@dittberner.info>
Date: Wed, 4 May 2011 21:58:03 +0200
Subject: [PATCH] add configuration for client certificate requests

---
 clientcsr.conf | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 clientcsr.conf

diff --git a/clientcsr.conf b/clientcsr.conf
new file mode 100644
index 0000000..d125e5b
--- /dev/null
+++ b/clientcsr.conf
@@ -0,0 +1,46 @@
+# Request configuration for CA certificate
+#
+# Author: Jan Dittberner <jan@dittberner.info>
+# Date:   2011-05-04
+
+RANDFILE		= $ENV::HOME/ca/.rnd
+
+[ req ]
+default_bits		= 2048
+distinguished_name	= req_distinguished_name
+x509_extensions	        = v3_client_ext
+
+# This sets a mask for permitted string types. There are several options. 
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+string_mask             = nombstr
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= DE
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Saxony
+
+localityName			= Locality Name (eg, city)
+localityName_default            = Example Town
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Example Organization
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Example Lab
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+commonName_default              = Example Lab Client
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+emailAddress_default            = client@example.org
+
+[ v3_client_ext ]
+basicConstraints                = critical, CA:false
+keyUsage                        = keyEncipherment,digitalSignature
+extendedKeyUsage                = clientAuth