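# OpenSSL configuration for the `req` and `ca` commands of a small file-based CA.
# All CA state (index, serial, certificate, private key) lives under CA_DIR and
# is named after ID.
#
# Review change: default_md was sha1 in both [ca_settings] and [req]. It is now
# sha256, because SHA-1 signatures are collision-prone and are rejected by
# current certificate verifiers. Revert only for a fixture that deliberately
# needs a SHA-1 signature.

# Fallbacks for ${ENV::ID} and ${ENV::CA_DIR}: OpenSSL consults the default
# section when the environment variable of that name is unset.
ID = 1
CA_DIR = out

[ca]
default_ca = ca_settings
# Keep the subject DN fields in the order given by the request.
preserve = yes

[ca_settings]
dir = ${ENV::CA_DIR}
database = $dir/${ENV::ID}-index.txt
new_certs_dir = $dir
serial = $dir/${ENV::ID}-serial
certificate = $dir/${ENV::ID}.pem
# CA signing key. It sits next to the issued certificates in $dir, so access
# to that directory must be restricted to the CA operator.
private_key = $dir/${ENV::ID}.key
RANDFILE = $dir/rand
# Digest used when signing issued certificates (was sha1).
default_md = sha256
# Validity of issued certificates, in days.
default_days = 3650
policy = policy_anything
# Allow several valid certificates with the same subject.
unique_subject = no
# Extensions in the request that the selected extension section does not
# already set are copied into the certificate. A request can therefore supply
# its own subjectAltName, keyUsage and, when signing without an extension
# section, basicConstraints CA:true. Inspect every request before signing.
copy_extensions = copy

[policy_anything]
# Default signing policy
# Every DN field is optional, so the CA places no constraint on the subject.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

[req]
default_bits = 2048
# Digest used to sign requests and self-signed certificates (was sha1).
default_md = sha256
string_mask = utf8only
prompt = no
# Generated private keys are written without a passphrase; protect them with
# file permissions.
encrypt_key = no
distinguished_name = req_env_dn

# NOTE(review): nothing in this file references [user_cert] or [ca_cert];
# presumably one of them is selected with -extensions on the command line.

[user_cert]
# Extensions to add when signing a request for an EE cert
basicConstraints = critical, CA:false
extendedKeyUsage = serverAuth,clientAuth

[ca_cert]
# Extensions to add when signing a request for an intermediate/CA cert
# No pathlen is set, so the issued CA may itself issue further CAs.
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign

[req_env_dn]
# COMMON_NAME has no fallback in the default section and must be set in the
# environment.
CN = ${ENV::COMMON_NAME}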