zer.ooo-web/views/etc/openssl-ca.conf.twig

distinguished_name = req_distinguished_name
[ca]
default_ca=ca_default
[req_distinguished_name]
[v3_req]
[v3_ca]
[ca_default]
crl_extensions=crl_ext
private_key=storage/ca/ca.key
certificate=storage/ca/ca.crt
new_certs_dir=storage/ca/certs/
database=storage/ca/database
default_md=sha256
policy=policy_only_commonname
serial=storage/ca/serial
crlnumber=storage/ca/crl_serial
default_crl_days=1
[policy_only_commonname]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[req]
x509_extensions = client_ext
[server_ext]
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
crlDistributionPoints = URI:http://{{ host }}/crl
[client_ext]
subjectKeyIdentifier=hash
basicConstraints = CA:FALSE
crlDistributionPoints = URI:http://{{ host }}/crl
[ca_ext]
basicConstraints = CA:TRUE
subjectKeyIdentifier=hash
crlDistributionPoints = URI:http://{{ host }}/crl
[crl_ext]
authorityKeyIdentifier=keyid:always