osslconfexamples/rootreq.conf

# Request configuration for CA certificate
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date:   2015-02-03

RANDFILE                        = $ENV::HOME/ca/.rnd

[ req ]
default_bits                    = 4096
distinguished_name              = req_distinguished_name
x509_extensions                 = v3_ca_ext
utf8                            = yes
default_md                      = sha256
string_mask                     = utf8only

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = DE
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Saxony

localityName                    = Locality Name (eg, city)
localityName_default            = Example Town

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Example Organization

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Example Lab

commonName                      = Common Name (eg, YOUR name)
commonName_max                  = 64
commonName_default              = Example Lab Root CA

emailAddress                    = Email Address
emailAddress_max                = 64
emailAddress_default            = rootca@example.org

[ v3_ca_ext ]
basicConstraints                = critical, CA:true, pathlen:1
keyUsage                        = critical, keyCertSign,cRLSign
nsComment                       = "Example Labs Root Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always