[ ca ] default_ca = local_ca [ local_ca ] dir = /opt/LocalCA certificate = $dir/cacert.pem database = $dir/index.txt new_certs_dir = $dir/certs private_key = $dir/private/cakey.pem serial = $dir/serial default_crl_days = 365 default_days = 1825 default_md = md5 policy = local_ca_policy x509_extensions = local_ca_extensions [ local_ca_policy ] commonName = supplied stateOrProvinceName = supplied countryName = supplied emailAddress = supplied organizationName = supplied organizationalUnitName = supplied [ local_ca_extensions ] subjectAltName = DNS:altname.somewhere.com basicConstraints = CA:false nsCertType = server [ req ] default_bits = 2048 default_keyfile = /opt/LocalCA/private/cakey.pem default_md = md5 prompt = no distinguished_name = root_ca_distinguished_name x509_extensions = root_ca_extensions [ root_ca_distinguished_name ] commonName = Local Lab Root Certificate Authority stateOrProvinceName = Some State countryName = US emailAddress = root@somename.somewhere.com organizationName = Root Certificate Authority [ root_ca_extensions ] basicConstraints = CA:true