[ ca ]
default_ca      = CA_default            # The default ca section

[ CA_default ]
dir            = .                     # top dir
database       = $dir/index.txt        # index file.
new_certs_dir  = $dir/certs            # new certs dir
serial         = $dir/serial           # serial no file
RANDFILE       = $dir/private/.rand    # random number file

private_key    = $dir/private/ca.key.pem# CA private key
certificate    = $dir/ca.cert.pem       # The CA cert

default_startdate = 19700101000000Z
default_enddate = 99991231235959Z

default_crl_days= 30                   # how long before next CRL

default_md     = sha256                # md to use
policy         = policy_any            # default policy
email_in_dn    = no                    # Don't add the email into cert DN
name_opt       = ca_default            # Subject name display option
cert_opt       = ca_default            # Certificate display option
copy_extensions = none                 # Don't copy extensions from request

[ policy_any ]
organizationName       = match
commonName             = supplied

[ req ]
default_bits           = 2048
distinguished_name     = req_distinguished_name
x509_extensions        = v3_leaf
encrypt_key = no
default_md = sha256

[ req_distinguished_name ]
commonName                     = Common Name (eg, YOUR name)
commonName_max                 = 64

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE

[ v3_inter ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE,pathlen:0

[ v3_leaf ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:FALSE