1HOME = . 2default_ca = ca 3config_diagnostics = 1 4 5#################################################################### 6 7[ req ] 8x509_extensions = v3_ca 9 10#################################################################### 11 12[ usr_cert ] 13basicConstraints = critical, CA:FALSE 14keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment 15subjectKeyIdentifier = hash 16##authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp 17# we do not include aia in the cert. 18# we use the s_server option "-status_url" to specify the url. 19 20#################################################################### 21 22[ v3_ca ] 23subjectKeyIdentifier = hash 24authorityKeyIdentifier = keyid:always 25basicConstraints = critical,CA:true 26keyUsage = critical, cRLSign, keyCertSign 27 28#################################################################### 29 30# Minimal CA entry to allow generation of CRLs. 31[ ca ] 32default_md = sha256 33database = index.txt 34crlnumber = crlnum.txt 35
