# ===========Configuration for healthcare certificate with NPI and FHIR endpoint ===========
# =================== update configuration manually with your values =======================
[req]
default_bit = 4096
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = v3_ca

# Subject details
[req_distinguished_name]
countryName             = US
stateOrProvinceName     = California
localityName            = Sausalito
organizationName        = Example Organization
commonName              = John Hancock, MD
emailAddress            = jhancock@example.org

[v3_ca]
basicConstraints = CA:FALSE
keyUsage=nonRepudiation, digitalSignature, keyEncipherment
# 1.2.840.113549.1.9.16.2.47 = ASN1:SEQUENCE:commitment_type  # custom extensio

# SAN extension
subjectAltName = @alt_names

# SAN entries for FHIR and NPI
[alt_names]
DNS.1 = www.example.org
otherName.1 = 2.16.840.1.113883.4.6;UTF8:9941339100
URI.1 = https://example.org/fhir/Practitioner/123

# Optional custom extension for the commitment type:
# The FHIR Signature SHALL include a "srCms signer commitments" element for the Purpose(s) of Signature. 
# [commitment_type]
# commitmentTypeId = OID:1.2.840.10065.1.12.1.5
# commitmentTypeQualifier = UTF8:Verification of medical record integrity
# EOF
# don't edit the previous line