[ ca ] default_ca = CA_default [ CA_default ] dir = ./ca database = $dir/index.txt new_certs_dir = $dir/newcerts serial = $dir/serial x509_extensions = usr_cert name_opt = ca_default cert_opt = ca_default certificate = $dir/cacert.pem default_days = 3652 default_crl_days = 30 default_md = sha256 preserve = no private_key = $dir/cakey.pem policy = policy_default [ policy_default ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ usr_cert ] basicConstraints = CA:FALSE nsCertType = client nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always