1# This file contains the configuration for all the CAs. 2 3[ req ] 4prompt = no 5 6# Extensions for CA certs 7[ v3_ca ] 8basicConstraints = CA:true 9 10# Root CA, used to sign the certificates of the intermediary server and 11# client CAs. 12[ root_ca ] 13dir = ./ssl/ 14database = ./ssl/root_ca-certindex 15serial = ./ssl/root_ca.srl 16default_md = sha256 17default_days= 10000 18default_crl_days= 10000 19certificate = ./ssl/root_ca.crt 20private_key = ./ssl/root_ca.key 21new_certs_dir = ./ssl/new_certs_dir 22policy = policy_match 23email_in_dn = no 24 25# CA used to sign all the server certificates. 26[ server_ca ] 27dir = ./ssl/ 28database = ./ssl/server_ca-certindex 29default_md = sha256 30default_days= 10000 31default_crl_days= 10000 32certificate = ./ssl/server_ca.crt 33private_key = ./ssl/server_ca.key 34new_certs_dir = ./ssl/new_certs_dir 35serial = ./ssl/server_ca.srl 36policy = policy_match 37email_in_dn = no 38unique_subject = no 39crl = ./ssl/server.crl 40 41# CA used to sign all the client certificates. 42[ client_ca ] 43dir = ./ssl/ 44database = ./ssl/client_ca-certindex 45default_md = sha256 46default_days= 10000 47default_crl_days= 10000 48certificate = ./ssl/client_ca.crt 49private_key = ./ssl/client_ca.key 50new_certs_dir = ./ssl/new_certs_dir 51serial = ./ssl/client_ca.srl 52policy = policy_match 53email_in_dn = no 54unique_subject = no 55crl = ./ssl/client.crl 56 57# This is common for all CAs. 58[ policy_match ] 59countryName = optional 60stateOrProvinceName = optional 61organizationName = optional 62organizationalUnitName = optional 63commonName = optional 64emailAddress = optional 65