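# OpenSSL configuration template for a small certificate authority.
# The host placeholder in the crlDistributionPoints values is filled in by the
# template engine before OpenSSL reads the file.
# All paths are relative, so they resolve against the working directory of the
# process that invokes OpenSSL.

# No section header is visible above this key in this excerpt. If none precedes
# it in the full file, OpenSSL stores it in the default section, which lookups
# in named sections such as [req] fall back to.
distinguished_name = req_distinguished_name

# Points "openssl ca" at the section holding the CA settings.
[ca]
default_ca = ca_default

# Empty in this template: no DN prompts or defaults are defined.
[req_distinguished_name]

# Empty in this template.
[v3_req]

# Empty in this template.
[v3_ca]

# CA state and signing defaults.
# NOTE(review): copy_extensions is not set, so OpenSSL's default (none) applies
# and extensions carried in a request are not copied into the certificate.
# Keep it that way unless requests are vetted before signing.
# NOTE(review): x509_extensions and default_days are not set here, so the
# caller presumably selects an extension section and a lifetime explicitly.
# Confirm against the code that invokes OpenSSL.
[ca_default]
crl_extensions = crl_ext
# CA signing key. Restrict read access to the account that runs the CA.
private_key = storage/ca/ca.key
certificate = storage/ca/ca.crt
new_certs_dir = storage/ca/certs/
database = storage/ca/database
default_md = sha256
policy = policy_only_commonname
serial = storage/ca/serial
crlnumber = storage/ca/crl_serial
# A CRL is valid for one day, so it has to be regenerated at least daily or
# relying parties that enforce nextUpdate will treat it as stale.
default_crl_days = 1

# Subject policy for "openssl ca": commonName must be present in the request,
# the other listed attributes are kept when the request contains them, and
# attributes not listed here are dropped.
# NOTE(review): the optional attributes are requester-controlled. Check them
# before signing if anything downstream trusts organizationName and similar.
[policy_only_commonname]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Extensions applied when "openssl req -x509" creates a certificate.
[req]
x509_extensions = client_ext

# Profile for TLS server certificates.
[server_ext]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
# CRLs are signed by the CA, so plain HTTP is the usual transport here.
crlDistributionPoints = URI:http://{{ host }}/crl

# Profile for client certificates.
# NOTE(review): unlike server_ext, this profile sets neither keyUsage nor
# extendedKeyUsage, so certificates issued with it are not limited to client
# authentication. Consider extendedKeyUsage = clientAuth once it is confirmed
# that no consumer relies on unrestricted usage. authorityKeyIdentifier is
# also absent here.
[client_ext]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
crlDistributionPoints = URI:http://{{ host }}/crl

# Profile for CA certificates.
# basicConstraints is marked critical: RFC 5280 requires that for certificates
# whose key is used to verify signatures on other certificates.
# NOTE(review): no keyUsage (keyCertSign, cRLSign) and no pathlen constraint
# are set. Confirm how the CA key is used before adding them.
[ca_ext]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
crlDistributionPoints = URI:http://{{ host }}/crl

# Extensions placed in generated CRLs.
[crl_ext]
authorityKeyIdentifier = keyid:always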