browser_csr_generation/ca.cnf

extensions = v3_ext

[ca]
default_ca = EXAMPLECA

[EXAMPLECA]
dir             = ./exampleca
certs           = $dir/certs
crl_dir         = $dir/crl
database        = $dir/index.txt
new_certs_dir   = $dir/newcerts
serial          = $dir/serial
crl             = $dir/crl.pem
certificate     = $dir/ca.crt.pem
serial          = $dir/serial
crl             = $dir/crl.pem
private_key     = $dir/private/ca.key.pem
RANDFILE        = $dir/private/.rand
unique_subject  = no
email_in_dn     = no
default_md      = sha256

[policy_match]
commonName      = supplied

[client_ext]
basicConstraints       = critical,CA:false
keyUsage               = keyEncipherment,digitalSignature,nonRepudiation
extendedKeyUsage       = clientAuth,emailProtection
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always