1#################################################################### 2[ req ] 3default_bits = 2432 4default_keyfile = cakey.pem 5default_md = sha256 6distinguished_name = req_DN 7string_mask = utf8only 8x509_extensions = v3_selfsign 9 10[ req_DN ] 11commonName = "Common Name" 12commonName_value = "CA" 13 14[ v3_selfsign ] 15basicConstraints = critical,CA:true 16keyUsage = keyCertSign 17subjectKeyIdentifier=hash 18 19#################################################################### 20[ ca ] 21default_ca = CA_default # The default ca section 22 23#################################################################### 24[ CA_default ] 25 26dir = ./demoCA 27certificate = ./demoCA/cacert.pem 28serial = ./demoCA/serial 29private_key = ./demoCA/private/cakey.pem 30new_certs_dir = ./demoCA/newcerts 31 32certificate = cacert.pem 33private_key = cakey.pem 34 35x509_extensions = v3_user 36 37name_opt = ca_default # Subject Name options 38cert_opt = ca_default # Certificate field options 39 40policy = policy_anything 41 42[ policy_anything ] 43countryName = optional 44stateOrProvinceName = optional 45localityName = optional 46organizationName = optional 47organizationalUnitName = optional 48commonName = supplied 49emailAddress = optional 50 51[ v3_user ] 52basicConstraints=critical,CA:FALSE 53subjectKeyIdentifier=hash 54authorityKeyIdentifier=keyid,issuer 55issuerAltName=issuer:copy 56 57