CERTPATHLEN             = 1
CERTUSAGE               = digitalSignature,keyCertSign,cRLSign
EXTCERTUSAGE            = serverAuth,clientAuth
CADB                    = index.txt
CASERIAL                = serial.txt
NSCERTTYPE              = server,client

[ x509v3_extensions ]
nsCertType                      = 0x40

[ x509v3_CA ]
basicConstraints                = critical,CA:true,pathlen:$ENV::CERTPATHLEN
keyUsage                        = $ENV::CERTUSAGE

[ ca ]
default_ca                      = CA_default

[ CA_sign_policy ]
countryName                     = optional
stateOrProvinceName             = optional
localityName                    = optional
organizationName                = optional
organizationalUnitName          = optional
commonName                      = supplied
emailAddress                    = optional

[ CA_default ]
database                        = $ENV::CADB
serial                          = $ENV::CASERIAL
default_md                      = sha256
default_days                    = 3650
default_crl_days                = 3650
unique_subject                  = yes
email_in_dn                     = yes
policy                          = CA_sign_policy