#
# Default configuration to use  when one
# is not provided on the command line.
#
[ ca ]
default_ca = local_ca


#
# Default location  of  directories  and
# files needed to generate certificates.
#
[ local_ca ]
dir              = ./rootCA
certificate      = $dir/cacert.pem
database         = $dir/index.txt
new_certs_dir    = $dir/certs
private_key      = $dir/private/cakey.pem
serial           = $dir/serial


#
# Default   expiration   and  encryption
# policies for certificates.
#
default_crl_days = 365
default_days     = 1825
default_md       = sha1

policy = local_ca_policy
x509_extensions = local_ca_extensions


#
# Default policy to use  when generating
# server   certificates.  The  following
# fields  must  be defined in the server
# certificate.
#
[ local_ca_policy ]
commonName             = supplied
stateOrProvinceName    = supplied
countryName            = supplied
emailAddress           = supplied
organizationName       = supplied
organizationalUnitName = supplied


#
# x509 extensions to use when generating
# server certificates.
#
[ local_ca_extensions ]
#subjectAltName      = DNS:altname.somewhere.com
basicConstraints    = CA:false
nsCertType          = server


#
# The   default   policy   to  use  when
# generating the root certificate.
#
[ req ]
default_bits        = 2048
default_keyfile     = ./private/cakey.pem
default_md          = sha1

prompt              = no
distinguished_name  = root_ca_distinguished_name
x509_extensions     = root_ca_extensions


#
# Root  Certificate  Authority   distin-
# guished name.  Changes these fields to
# your local environment.
#
[ root_ca_distinguished_name ]
commonName          = Your_NAME          # please update
stateOrProvinceName = Your_STATE         # please update
countryName         = CO                 # please update
emailAddress        = YOUR_EMAIL         # please update
organizationName    = YOUR_ORG_NAME      # please update

[ root_ca_extensions ]
basicConstraints    = CA:true
subjectAltName      = email:copy
issuerAltName       = issuer:copy