Diffstat (limited to 'openssl-ca-acf.cnf')
-rw-r--r--openssl-ca-acf.cnf41
1 files changed, 19 insertions, 22 deletions
diff --git a/openssl-ca-acf.cnf b/openssl-ca-acf.cnf
index 7530240..0fa7f05 100644
--- a/openssl-ca-acf.cnf
+++ b/openssl-ca-acf.cnf
@@ -7,9 +7,6 @@
HOME = /etc/ssl
RANDFILE = /dev/urandom
-
-
-
# Openssl wants to put these in the ca section; but for our purposes
# this config file is only used by the CA, so we define them
# for everything
@@ -19,7 +16,6 @@ certs = $dir/certs # Where the issued certs are kept
crl = $dir/crl.pem # The current CRL
RANDFILE = $dir/private/.rand # private random number file
-
# The "Certificate Type" dropdown in the web interface is built
# from any section in which all of the CA Mandatory Entries are
# Defined. The CA Mandadory Entries are:
@@ -69,14 +65,14 @@ countryName = optional
commonName = supplied
emailAddress = optional
localityName = optional
-subjectAltName = optional
[ policy_acf_cert ]
+organizationName = optional
organizationalUnitName = optional
+countryName = optional
commonName = supplied
emailAddress = optional
-subjectAltName = optional
-
+localityName = optional
####################################################################
# The settings for a request.
@@ -87,6 +83,7 @@ distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca_cert
string_mask = nombstr
+req_extensions = v3_req
# The req section specifies the attributes that will be asked for
# Here is where we define the fields that are presented in
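Review bot: `req_extensions = v3_req` makes every request built from this file depend on the `[ v3_req ]` section added further down, whose only entry is `subjectAltName = $ENV::ALTNAME`, and nothing in the file documents or defaults that variable. As far as I know OpenSSL fails to parse a config whose `$ENV::` lookup finds nothing, so any command that loads this file, signing included, would stop working when the caller has not exported ALTNAME. The value is substituted verbatim into the extension, and a comma in it adds further names, so the caller (not visible here) should restrict it to the expected `DNS:`/`IP:` forms before exporting it. I would at least add above the line `# ALTNAME must be exported by the caller, e.g. DNS:host.example.org; parsing fails if it is unset`.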
@@ -102,8 +99,14 @@ countryName_default =
countryName_min = 2
countryName_max = 2
-organizationName = Organization Name
-organizationName_default =
+# This is how you add multiple values; in this case we will
+# use multiple organizationNames
+
+0.organizationName = Organization Name
+0.organizationName_default =
+
+1.organizationName = Organization Name
+1.organizationName_default =
localityName = Locality Name (e.g. city)
localityName_default =
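Review bot: `0.organizationName` and `1.organizationName` carry the identical prompt `Organization Name`, so whoever fills in the request cannot tell the two fields apart. A distinct second prompt, for example `1.organizationName = Second Organization Name (optional)`, would make the intent clear. The `[ req_distinguished_name ]` header sits outside the hunk, so I am assuming these prompts are shown to the operator as written.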
@@ -118,19 +121,6 @@ commonName_default =
emailAddress = Email Address
emailAddress_max = 60
-# This is how you add multiple values; in this case we will
-# use multiple subjectAltNames
-
-0.subjectAltName = Alternate Name (e.g DNS:www.myotherhost.com)
-0.subjectAltName_max = 64
-0.subjectAltName_default =
-
-1.subjectAltName = Additional Alt. Name (e.g DNS:www.mythirdhost.com)
-1.subjectAltName_max = 64
-1.subjectAltName_default =
-
-
-
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
@@ -144,10 +134,14 @@ keyUsage = cRLSign, keyCertSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
+[ v3_req ]
+subjectAltName = $ENV::ALTNAME
+
[ general_cert ]
# Non-specific
policy = policy_acf_cert
x509_extensions = general
+copy_extensions = copy
[ general ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
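Review bot: `copy_extensions = copy` in `[ general_cert ]` copies every extension in the request that the `x509_extensions` section does not already set, not only the subjectAltName this change is after; the same line is added to the SSL server, SSL client and SSL CA sections in the three hunks below. `basicConstraints = CA:FALSE` is pinned in `[ general ]`, so a requested CA flag should be ignored, but the hunks do not show whether keyUsage, extendedKeyUsage or nameConstraints are pinned in each extension section, and anything left unset is taken from the requester. The `policy_acf_*` sections only constrain subject DN fields, so the copied subjectAltName is signed without any policy check. I would pin the usage extensions in every extension section and add above each new line `# copies request extensions not set in the x509_extensions section; inspect the CSR before signing`.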
@@ -157,6 +151,7 @@ authorityKeyIdentifier = keyid,issuer:always
# SSL server
policy = policy_acf_cert
x509_extensions = ssl_server
+copy_extensions = copy
[ ssl_server ]
basicConstraints = CA:FALSE
nsCertType = server
@@ -169,6 +164,7 @@ authorityKeyIdentifier = keyid,issuer:always
# SSL client
policy = policy_acf_cert
x509_extensions = ssl_client
+copy_extensions = copy
[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
@@ -181,6 +177,7 @@ authorityKeyIdentifier = keyid,issuer:always
# SSL Certifying Authority
policy = policy_acf_ca
x509_extensions = ssl_ca
+copy_extensions = copy
[ ssl_ca ]
basicConstraints = critical, CA:true
nsCertType = sslCA