1[ ca ] 2default_ca = CA_default 3 4[ CA_default ] 5dir = ./ 6certs = $dir 7crl_dir = $dir/crl 8database = $dir/index.txt 9new_certs_dir = $dir 10certificate = $dir/ca.pem 11serial = $dir/serial 12crl = $dir/crl.pem 13private_key = $dir/ca.key 14RANDFILE = $dir/.rand 15name_opt = ca_default 16cert_opt = ca_default 17default_days = 60 18default_crl_days = 30 19default_md = sha256 20preserve = no 21policy = policy_match 22 23[ policy_match ] 24countryName = match 25stateOrProvinceName = match 26organizationName = match 27organizationalUnitName = optional 28commonName = supplied 29emailAddress = optional 30 31[ policy_anything ] 32countryName = optional 33stateOrProvinceName = optional 34localityName = optional 35organizationName = optional 36organizationalUnitName = optional 37commonName = supplied 38emailAddress = optional 39 40[ req ] 41prompt = no 42distinguished_name = client 43default_bits = 2048 44input_password = whatever 45output_password = whatever 46 47[client] 48countryName = FR 49stateOrProvinceName = Radius 50localityName = Somewhere 51organizationName = Example Inc. 52emailAddress = user@example.org 53commonName = user@example.org 54