1[ ca ] 2default_ca = CA_default 3 4[ CA_default ] 5# Directory and file locations. 6dir = root_ca 7certs = $dir/certs 8crl_dir = $dir/crl 9new_certs_dir = $dir/newcerts 10database = $dir/index.txt 11serial = $dir/serial 12RANDFILE = $dir/private/.rand 13 14# The root key and root certificate. 15private_key = root_ca/root_priv_key.pem 16certificate = root_ca/root_cert.pem 17 18# For certificate revocation lists. 19# crlnumber = $dir/crlnumber 20# crl = $dir/crl/intermediate.crl.pem 21# crl_extensions = crl_ext 22# default_crl_days = 30 23 24# SHA-1 is deprecated, so use SHA-2 instead. 25default_md = sha256 26 27name_opt = ca_default 28cert_opt = ca_default 29default_days = 375 30preserve = no 31policy = policy_loose 32 33 34[ policy_loose ] 35countryName = optional 36stateOrProvinceName = optional 37localityName = optional 38organizationName = optional 39organizationalUnitName = optional 40commonName = optional 41serialNumber = optional 42 43[ req ] 44default_bits = 2048 45default_md = sha256 46prompt = no 47encrypt_key = no 48distinguished_name = dn 49#req_extensions = req_ext 50 51[ dn ] 52C = DE 53ST = Bavaria 54L= Garching 55O= Fraunhofer AISEC 56OU = HWS 57CN = $ENV::common_name 58 59 60#[ req_ext ] 61#subjectAltName = test 62 63#$ENV::subject 64 65
