HOME            = .
RANDFILE        = $ENV::HOME/.rnd

####################################################################
[ ca ]
default_ca    = CA_default

[ CA_default ]

default_days     = 1000
default_crl_days = 1000
default_md       = sha256
preserve         = no
x509_extensions = ca_extensions
copy_extensions = copy

certificate   = ca.crt
private_key   = ca.key
new_certs_dir = .
database      = index.txt
serial        = serial.txt

####################################################################
[ req ]
default_bits       = 4096
default_keyfile    = ca.key
distinguished_name = distinguished_name
x509_extensions    = ca_extensions
string_mask        = utf8only

####################################################################
[ distinguished_name ]
commonName         = Common Name
commonName_default = CA

####################################################################
[ ca_extensions ]

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always, issuer
basicConstraints       = critical, CA:true
keyUsage               = keyCertSign, cRLSign

####################################################################
[ signing_policy ]
commonName             = supplied

####################################################################
[ signing_req ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment