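# OpenSSL configuration for the root CA kept under /home/hashi/myCA/myRoot.
# [ ca ] and [ CA_default ] drive `openssl ca` (signing, CRL generation);
# [ req ] and [ req_distinguished_name ] drive `openssl req`.
# Comments are full-line `#` only; `;` inside a value is part of the value.

[ ca ]
# Section used by `openssl ca` when no -name option is given.
default_ca = CA_default

[ CA_default ]
# Base directory; every path below is expanded from $dir.
dir = /home/hashi/myCA/myRoot
certs = $dir/cert
crl_dir = $dir/crl
# Copy of every certificate signed by this CA.
new_certs_dir = $dir/issued_certs
# Text database of issued/revoked certificates and the next serial number.
database = $dir/data/index.dat
serial = $dir/data/serial.dat
RANDFILE = $dir/private/.rand

# Root signing key and certificate. Everything issued under this CA depends on
# the secrecy of the key file: keep $dir/private readable by the CA operator only.
private_key = $dir/private/myRoot.key
certificate = $dir/cert/myRoot.cer

# CRL bookkeeping. crl_extensions names the section (defined at the end of this
# file) whose extensions are added to CRLs produced by `openssl ca -gencrl`.
crlnumber = $dir/data/crl_number
crl = $dir/crl/myRoot.crl
crl_extensions = crl_ext
# Days until nextUpdate; a fresh CRL must be published before this elapses.
default_crl_days = 30

default_md = sha256
name_opt = ca_default
cert_opt = ca_default
# Validity in days of certificates signed without an explicit -days value.
default_days = 3650
# no: subject DN order follows the policy section, not the request.
preserve = no
policy = policy_any
# no: the e-mail address is left out of the subject DN of issued certificates.
email_in_dn = no

[ policy_any ]
# match = must equal the CA certificate's value, supplied = must be present,
# optional = may be present. Despite the section name, organizationName is
# enforced: requests from another organization are rejected.
countryName = supplied
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# RSA key size used when `openssl req` generates a key and none is given.
# NOTE(review): if the root key is generated through this section, 2048 bits is
# small for a long-lived root; confirm against local key-size policy.
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256
# Extensions applied when `openssl req -x509` creates a self-signed certificate.
x509_extensions = v3_ca

[ req_distinguished_name ]
# Prompt text for each DN field.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address

# Defaults offered at the prompts; an empty value means no preset.
countryName_default =
stateOrProvinceName_default =
localityName_default =
0.organizationName_default = CyberHashira
organizationalUnitName_default = PKI
emailAddress_default = pki@home.lab

[ v3_ca ]
# Extensions of the self-signed root certificate.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
# pathlen:2 permits at most two further CA levels beneath this certificate.
basicConstraints = critical, CA:true, pathlen:2
crlDistributionPoints = URI:http://myCA/myRoot.crl

[ v3_intermediate_ca ]
# Extensions for an intermediate (issuing) CA certificate. Nothing in this file
# references the section, so it is presumably selected on the command line with
# `-extensions v3_intermediate_ca` when the root signs the intermediate's request.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# pathlen:0: the intermediate may issue end-entity certificates only, no sub-CAs.
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
# NOTE(review): a certificate's CRL distribution point should name the CRL
# published by its issuer. Certificates carrying this section are signed by the
# root (see authorityInfoAccess below and `crl` in [ CA_default ]), yet the URI
# names myIssuing.crl rather than myRoot.crl. Confirm which CRL is served there;
# if it is the issuing CA's own CRL, revocation of the intermediate by the root
# cannot be checked through this pointer.
crlDistributionPoints = URI:http://myCA/myIssuing.crl
# Where relying parties can download the issuer (root) certificate.
authorityInfoAccess = caIssuers;URI:http://myCA/myRoot.cer

[ crl_ext ]
# Referenced by crl_extensions in [ CA_default ] but missing from the original
# file, which makes `openssl ca -gencrl` fail when it loads the section.
# Identifies the CA key that signed the CRL.
authorityKeyIdentifier = keyid:always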