##================================================================
##============== Example OpenSSL configuration file ==============
##================================================================

#  References:
#
#  /etc/ssl/openssl.conf
#  http://www.openssl.org/docs/apps/config.html
#  http://www.openssl.org/docs/apps/x509v3_config.html

[ ca ]
default_ca              = my_ca

[ my_ca ]
certificate             = test-ca.crt
private_key             = test-ca.key
database                = index
serial                  = serial

new_certs_dir           = newcerts
default_crl_days        = 60
default_days            = 730
default_md              = sha1
policy                  = my_policy
x509_extensions         = v3_usr

[ my_policy ]
countryName             = optional
stateOrProvinceName     = optional
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
distinguished_name      = my_req_dn
x509_extensions         = v3_ca

[ my_req_dn ]
countryName             = Country Name..............
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = State or Province Name....
localityName            = Locality Name.............
0.organizationName      = Organization Name.........
organizationalUnitName  = Org. Unit Name............
commonName              = Common Name (required)....
commonName_max          = 64
emailAddress            = Email Address.............
emailAddress_max        = 64

[ v3_ca ]
basicConstraints        = CA:TRUE
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer:always

[ v3_usr ]
basicConstraints        = CA:FALSE
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid,issuer