# @(#)91 1.4.1.1 src/bos/usr/lib/nim/methods/SSL_client.cnf.sh, cmdnim, bos72D, d2016_23A0 6/3/16 12:25:44
# IBM_PROLOG_BEGIN_TAG 
# This is an automatically generated prolog. 
#  
# bos72D src/bos/usr/lib/nim/methods/SSL_client.cnf.sh 1.4.1.1 
#  
# Licensed Materials - Property of IBM 
#  
# COPYRIGHT International Business Machines Corp. 2004,2016 
# All Rights Reserved 
#  
# US Government Users Restricted Rights - Use, duplication or 
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
#  
# IBM_PROLOG_END_TAG 

[ ca ]
default_ca	= exampleca

[ exampleca ]
dir              = /ssl_nimsh
certificate      = $dir/certs/client.pem
database         = $dir/index.txt
new_certs_dir    = $dir/certs
private_key      = $dir/private/clientkey.pem
serial           = $dir/certs/serial
 
default_crl_days = 7
default_days     = 365
default_md       = sha256
 
policy           = exampleca_policy
x509_extensions  = certificate_extensions
 
[ exampleca_policy ]
countryName            = supplied
stateOrProvinceName    = supplied
localityName           = supplied
organizationName       = supplied
organizationalUnitName = optional
emailAddress           = optional
 
[ req ]
default_bits           = 2048
default_md             = sha256
encrypt_key            = no

prompt                 = no
distinguished_name     = req_distinguished_name
x509_extensions        = req_extensions

# the following sections are specific to the request we're building       
# this data is verified during client certificate negotiation
# - always use FQDN for NIM authentication.

[ certificate_extensions ]
basicConstraints       = CA:false
subjectAltName         = DNS:gollum.austin.ibm.com,DNS:localhost

[ req_distinguished_name ]
countryName            = US
stateOrProvinceName    = Texas
localityName           = Austin
organizationName       = ibm.com

[ req_extensions ]
basicConstraints       = CA:true
subjectAltName         = DNS:gollum.austin.ibm.com,DNS:localhost