[ ca ]
default_ca = default_CA
[ default_CA ]
dir = .
certs = .
new_certs_dir = ca.db.certs
database = ca.db.index
serial = ca.db.serial
RANDFILE = random-bits
certificate = int1.crt
private_key = int1.key
default_days = 500
default_crl_days = 30
default_md = sha256
preserve = no
x509_extensions = server_cert
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ server_cert ]
#subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
extendedKeyUsage = serverAuth,clientAuth,msSGC,nsSGC
basicConstraints = critical,CA:true