name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
crl_extensions = crl_ext
-default_days = 3650 # how long to certify for
+default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
+countryName = optional
+stateOrProvinceName = optional
+organizationName = optional
organizationalUnitName = optional
-commonName = supplied
+commonName = optional
emailAddress = optional
[ policy_anything ]
localityName = optional
organizationName = optional
organizationalUnitName = optional
-commonName = supplied
+commonName = optional
emailAddress = optional
[ req ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
-stateOrProvinceName = State or Province Name (full name)
+#stateOrProvinceName = State or Province Name (full name)
#localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
-organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
## DEFAULT VALUES
##
countryName_default = DE
-stateOrProvinceName_default = Berlin
+#stateOrProvinceName_default = Berlin
#localityName_default = Berlin
0.organizationName_default = Example
-organizationalUnitName_default = People
+#organizationalUnitName_default = Certificate Authorities
+commonName_default = Certificate Authority
[ req_attributes ]
#challengePassword = A challenge password
basicConstraints = critical,CA:true
# keyUsage = cRLSign, keyCertSign
-subjectAltName=email:copy
+#subjectAltName=email:copy
issuerAltName=issuer:copy
[ crl_ext ]