[Version]
Signature= "$Windows NT$"

[certsrv_server]
; set certificate key length. This entry is used only during CA certificate renewal with new key pair. 
RenewalKeyLength = 2048
; Set Root CA certificate validity period. This entry is affected only to Root CAs
; because subordinate CA certificate validity period is determined by parent CA.
RenewalValidityPeriodUnits = 10
RenewalValidityPeriod = years
; Set Base CRL validity period to 90 days (or 3 months).
CRLPeriodUnits = 90
CRLPeriod = days
; Set CRL overlap settings. Overlap extends CRL validity period to a reasonable time that may be
; necessary to copy new CRL from an offline CA and manually distribute to required locations.
; In a given example CRL validity is extended to 2 weeks.
CRLOverlapUnits = 2
CRLOverlapPeriod = weeks
; Disable Delta CRL (that are uncommon for offline CAs.
CRLDeltaPeriodUnits = 0
CRLDeltaPeriod = hours
; Enable alternate signature extensions.
AlternateSignatureAlgorithm = 1