[ ca ]
default_ca	= CA_default		# The default ca section

[ CA_default ]

dir             = /etc/freeswan/ipsec.d # Where everything is kept
private_key     = $dir/private/ca.key	# The CA private key; keep it readable only by root

certs           = $dir/cacerts            # Where the issued certs are kept
crl_dir         = $dir/crls              # Where the issued CRLs are kept
database        = $dir/../index.txt        # database index file.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/cacerts/ca.crt       # The CA certificate
serial          = $dir/serial           # The current serial number
crl             = $crl_dir/crl.pem          # The current CRL
RANDFILE        = $dir/private/.rand    # private random number file

x509_extensions = usr_cert              # The extensions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions        = crl_ext

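{
    # Emits the CA defaults plus the [ req ] and [ req_distinguished_name ]
    # sections for the certificate selected by $CreateServerCert.
    #
    # $CreateServerCert holds two whitespace-separated words: the name of a
    # variable and the name of an entry inside it.  That variable is read as
    # a comma-separated list of "name(attr=value attr=value ...)" entries,
    # and the attributes of the entry whose name equals the second word fill
    # the fields below.  Attributes that are not supplied stay empty, and
    # nothing is emitted when $CreateServerCert is false.
    #
    # NOTE(review): this looks like a template fragment whose delimiters are
    # curly braces, so braces are kept balanced everywhere in it - confirm
    # against the template engine before adding any in comments or strings.
    if ($CreateServerCert) {
        my ($first, $second) = split(' ', $CreateServerCert);

        # Every recognised attribute starts out empty; unknown attribute
        # names in the entry are ignored, as before.
        my %field = map { ($_ => "") } qw(
            Country CommonName OrganizationName OrganizationalUnitName
            days Locality bits crl_days emailAddress State
        );

        # SECURITY: the list is fetched with a string eval, which runs the
        # first word as Perl source.  It is therefore only evaluated when it
        # is a plain or package-qualified variable name; anything else is
        # treated as an empty list.  Callers that relied on richer
        # expressions here need an explicit lookup instead.
        my $list;
        if (defined $first && $first =~ /\A[A-Za-z_]\w*(?:::\w+)*\z/) {
            $list = eval('$' . $first);
        }
        $list = "" unless defined $list;

        foreach my $entry (split(',', $list)) {
            my ($item, $attr_list) = $entry =~ /(\S+)\s*\((.*)\)/;

            # Entries that do not have the name(...) shape cannot match.
            next unless defined $item && defined $second;
            next unless $item eq $second;

            # Attributes are whitespace-separated, so a value can never
            # contain a space or a newline; a later duplicate wins.
            foreach my $val (split(' ', $attr_list)) {
                my ($attr, $value) = split('\s*=\s*', $val);
                next unless defined $attr && exists $field{$attr};
                $field{$attr} = defined $value ? $value : "";
            }
        }

        $OUT .= "default_days\t=$field{days}\n";
        $OUT .= "default_crl_days\t=$field{crl_days}\n";

        # NOTE(review): MD5 is collision-broken as a certificate signature
        # digest, and certificates signed with it are rejected by current
        # TLS and IPsec stacks.  The value is left as it was because the
        # digest has to be one that the installed OpenSSL and every peer
        # accept; switch to a SHA-2 digest such as sha256 once they do.
        $OUT .= "default_md\t=md5\n";
        $OUT .= "preserve\t=no\n";
        $OUT .= "\n";

        $OUT .= "[ req ]\n";
        $OUT .= "default_bits\t= $field{bits}\n";
        $OUT .= "distinguished_name\t= req_distinguished_name\n";
        $OUT .= "prompt\t= no\n";

        $OUT .= "[ req_distinguished_name ]\n";
        $OUT .= "C=$field{Country}\n";
        $OUT .= "ST=$field{State}\n";
        $OUT .= "L=$field{Locality}\n";
        $OUT .= "O=$field{OrganizationName}\n";
        $OUT .= "OU=$field{OrganizationalUnitName}\n";
        $OUT .= "CN=$field{CommonName}\n";

        # No trailing newline here: the text after the fragment supplies it.
        $OUT .= "emailAddress=$field{emailAddress}";
    }
}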
