[ ca ]
default_ca = ca_default

[ ca_default ]
new_certs_dir = ./ca/certs
database = ./ca/db
serial = ./ca/serial.txt
policy = generic_policy
copy_extensions   = copy
default_md = sha256
default_days = 3650
unique_subject = no

[ req ]
distinguished_name  = generic_policy

[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

[ alternate_names ]
DNS.1       = localhost
DNS.2       = localhost.localdomain
DNS.3       = 127.0.0.1

[ ca_extensions ]
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,keyCertSign
basicConstraints = critical,CA:true,pathlen:1
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical,CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
authorityInfoAccess = caIssuers;URI:https://example.com/certs
crlDistributionPoints   = URI:https://example.com/crl

[ server_extensions ]
keyUsage                = critical,digitalSignature,keyEncipherment
extendedKeyUsage        = serverAuth,clientAuth
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
authorityInfoAccess     = caIssuers;URI:https://example.com/certs
crlDistributionPoints   = URI:https://example.com/crl
subjectAltName          = @alternate_names

[ signer_extensions ]
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature
authorityInfoAccess = caIssuers;URI:https://example.com/certs/
crlDistributionPoints   = URI:https://example.com/crl