[ ca ]
default_ca	= local_ca

[ local_ca ]
certificate	= cacert.pem
database	= db.txt
new_certs_dir	= .
private_key	= cakey.pem
serial		= serial

default_crl_days	= 365
default_days		= 1825
default_md		= md5

policy		= local_ca_policy
x509_extensions	= local_ca_extensions

[ local_ca_policy ]
commonName		= supplied
stateOrProvinceName	= supplied
countryName		= supplied
emailAddress		= supplied
organizationName	= supplied
organizationalUnitName	= supplied

[ local_ca_extensions ]
subjectAltName		= DNS:koumbit.net
basicConstraints	= CA:false
nsCertType		= server
# for client certs:
#nsCertType		= client,email

[ req ]
default_bits	= 2048
default_keyfile	= cakey.pem
default_md	= md5
encrypt_key     = no

prompt			= no
distinguished_name	= root_ca_distinguished_name
x509_extensions		= root_ca_extensions

[ root_ca_distinguished_name ]
commonName		= Koumbit Certificate Authority
stateOrProvinceName	= QC
countryName		= CA
emailAddress		= ca@koumbit.net
organizationName	= Root Certificate Authority

[ root_ca_extensions ]
basicConstraints	= CA:true
nsCertType		= server
# for client certs:
#nsCertType		= client,email