HOME = . default_ca = ca config_diagnostics = 1 #################################################################### [ req ] x509_extensions = v3_ca #################################################################### [ usr_cert ] basicConstraints = critical, CA:FALSE keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment subjectKeyIdentifier = hash ##authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp # we do not include aia in the cert. # we use the s_server option "-status_url" to specify the url. #################################################################### [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always basicConstraints = critical,CA:true keyUsage = critical, cRLSign, keyCertSign #################################################################### # Minimal CA entry to allow generation of CRLs. [ ca ] default_md = sha256 database = index.txt crlnumber = crlnum.txt