[ca]
default_ca = ca_settings

[ ca_settings ]
dir = .
certs             = $dir
crl_dir           = $dir
new_certs_dir     = $dir
database          = $dir/index
serial            = $dir/serial

private_key       = $dir/root.key
certificate       = $dir/root.pem

policy = ca_policy

[ ca_policy ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# Options for the `req` tool, `man req`
[ req ]
distinguished_name  = req_distinguished_name

# Extensions for a typical CA, see `man x509v3_config`
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, keyCertSign

# Extensions for a typical intermediate CA, see `man x509v3_config`
[ v3_intermediate_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, keyCertSign

[ req_distinguished_name ]
countryName            = Country Name (2 letter code)
stateOrProvinceName    = State or Province Name
localityName           = Locality Name
0.organizationName     = Organization Name
organizationalUnitName = Organizational Unit Name
commonName             = Common Name
emailAddress           = Email Address

countryName_default            = NA
stateOrProvinceName_default    = NA
localityName_default           = NA
0.organizationName_default     = NA
organizationalUnitName_default = NA
emailAddress_default           = NA
commonName_default             = stfe testdata