jeremysuriel/openssl.conf

## openssl.conf
dir = .

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate  = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md  = sha256
preserve = no
email_in_dn  = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
commonName = supplied
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
emailAddress = optional

[ req ]
default_bits = 2048
default_keyfile = priv.pem
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = v3_req
encyrpt_key = no

[ req_distinguished_name ]

[ v3_ca ]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
	dir = .

	[ ca ]
	default_ca = CA_default

	[ CA_default ]
	serial = $dir/serial
	database = $dir/index.txt
	new_certs_dir = $dir/newcerts
	certificate = $dir/cacert.pem
	private_key = $dir/private/cakey.pem
	default_days = 365
	default_md = sha256
	preserve = no
	email_in_dn = no
	nameopt = default_ca
	certopt = default_ca
	policy = policy_match

	[ policy_match ]
	commonName = supplied
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	emailAddress = optional

	[ req ]
	default_bits = 2048
	default_keyfile = priv.pem
	default_md = sha256
	distinguished_name = req_distinguished_name
	req_extensions = v3_req
	encyrpt_key = no

	[ req_distinguished_name ]

	[ v3_ca ]
	basicConstraints = critical,CA:TRUE
	subjectKeyIdentifier = hash

	[ v3_req ]
	basicConstraints = CA:FALSE
	subjectKeyIdentifier = hash