[ca]
default_ca = CA_default

[CA_default]
database = dir/index.txt
serial = dir/serial.txt
new_certs_dir = ./certdir
private_key = rca-private-key.pem
default_days = 365
certificate = rca-signed-cert.pem
default_md = sha256
policy = policy_any
email_in_dn = no

[ICA_default]
database = idir/index.txt
serial = idir/serial.txt
new_certs_dir = ./icertdir
private_key = ica-private-key.pem
default_days = 365
certificate = ica-signed-cert.pem
default_md = sha256
policy = policy_any
email_in_dn = no

[policy_any]
countryName            = supplied
stateOrProvinceName    = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = optional
emailAddress           = optional


[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign


[ v3_intermediate_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign