#
# OpenSSL example configuration file.

HOME            = .
RANDFILE        = $ENV::HOME/.rnd

####################################################################
[ ca ]
default_ca  = CA_default        # The default ca section

[ CA_default ]
default_days		= 365          # how long to certify for
default_crl_days	= 365            # how long before next CRL
default_md			= sha512        # use public key default MD
preserve			= no            # keep passed DN ordering

x509_extensions		= ca_extensions     # The extensions to add to the cert

email_in_dn		= no            # Don't concat the email in the DN
copy_extensions	= copy          # Required to copy SANs from CSR to cert

####################################################################
[ req ]
default_bits		= 4096
distinguished_name	= req_distinguished_name
string_mask			= utf8only
default_md			= sha512
x509_extensions		= v3_ca
req_extensions		= v3_req

####################################################################
[ req_distinguished_name ]
0.organizationName			= Organization Name (eg, company)
0.organizationName_default	= somenet.org

organizationalUnitName		= Organizational Unit Name (eg, section)
organizationalUnitName_default	= CertGen

commonName					= Common Name (e.g. server FQDN or YOUR name)
commonName_max				= 64

emailAddress				= Email Address
emailAddress_max			= 64

####################################################################
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = CERTGEN_DNS_ALT_NAMES

####################################################################
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true

####################################################################