# OpenSSL configuration for a two-tier example CA: a root CA profile
# ([rootca]) and a subordinate CA profile ([EXAMPLECA]), plus request
# defaults and extension sections. Layout restored to one setting per line;
# values are unchanged.

# NOTE(review): this key belongs to a section whose header is above the
# visible part of the file, and [v3_ext] is not defined in the visible part.
extensions = v3_ext

[ca]
# Section that `openssl ca` uses when no -name option is given.
default_ca = EXAMPLECA

# Root CA profile. It is not the default, so it has to be selected
# explicitly (e.g. with -name rootca).
[rootca]
# Relative path: resolved against the directory openssl is started from.
dir = ./example_ca/root
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
crl = $dir/crl.pem
certificate = $dir/ca.crt.pem
# CA signing key. Keep $dir/private readable by the CA operator only.
private_key = $dir/private/ca.key.pem
# NOTE(review): recent OpenSSL releases no longer need a seed file; confirm
# whether RANDFILE is still required for the version in use.
RANDFILE = $dir/private/.rand
policy = policy_any
# Allows several valid certificates with the same subject DN in the index.
unique_subject = no
# Keeps the e-mail address out of the issued certificate's subject DN.
email_in_dn = no
# Extensions requested in the CSR are ignored, so a requester cannot add
# CA:true or other extensions to the issued certificate.
copy_extensions = none
default_md = sha256
# Validity, in days, of certificates issued under this profile.
default_days = 1825
# Days until the next CRL is due.
default_crl_days = 30

# Subordinate CA profile; the default for `openssl ca` (see [ca]).
[EXAMPLECA]
dir = ./example_ca/sub
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
crl = $dir/crl.pem
certificate = $dir/ca.crt.pem
# CA signing key. Keep $dir/private readable by the CA operator only.
private_key = $dir/private/ca.key.pem
RANDFILE = $dir/private/.rand
# NOTE(review): unlike [rootca], this section sets no `policy`. `openssl ca`
# needs one, so it must be passed with -policy on every invocation. Confirm
# which policy is intended and consider pinning it here.
# NOTE(review): copy_extensions is not set here either. The OpenSSL default
# is to ignore CSR extensions; stating `copy_extensions = none` explicitly,
# as [rootca] does, would make that visible.
unique_subject = no
email_in_dn = no
default_md = sha256
default_days = 365
default_crl_days = 30

# DN policy used by [rootca]. Despite the name, country and organization
# must match the CA's own values: `match` = must equal the CA certificate's
# field, `supplied` = must be present, `optional` = may be present.
[policy_any]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# NOTE(review): despite the name, nothing is matched here; only a common
# name is required. DN fields not listed in a policy section are dropped
# from the issued certificate unless -preserveDN is used. No visible section
# references this policy.
[policy_match]
commonName = supplied

# End-entity (client / S/MIME) certificate extensions. No visible section
# references this one; presumably it is selected with -extensions.
[client_ext]
# Critical CA:false: the certificate cannot be used to issue certificates.
basicConstraints = critical,CA:false
keyUsage = keyEncipherment,digitalSignature,nonRepudiation
extendedKeyUsage = clientAuth,emailProtection
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

# Defaults for `openssl req`.
[req]
default_bits = 3072
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
# Applied when `openssl req -x509` creates a self-signed certificate, so
# every self-signed certificate made with this file is a CA (see [root_ca]).
x509_extensions = root_ca

# Prompts and limits for the subject DN fields of a request.
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CH
countryName_min = 2
countryName_max = 2
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64

# Intentionally empty: no request attributes are prompted for.
[req_attributes]

# Root CA certificate extensions.
[root_ca]
# pathlen:1 permits one level of subordinate CA below this certificate.
# NOTE(review): no keyUsage is set; CA profiles commonly restrict it with
# `keyUsage = critical,keyCertSign,cRLSign`. Confirm whether the omission is
# deliberate.
basicConstraints = critical,CA:true,pathlen:1
subjectKeyIdentifier = hash

# Subordinate CA certificate extensions.
[sub_ca]
# pathlen:0: this CA may issue end-entity certificates only, no further CAs.
# NOTE(review): no keyUsage is set here either; see [root_ca].
basicConstraints = critical,CA:true,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always