[req] distinguished_name=dn #req_extensions=ext [dn] commonName = cn [ext] subjectAltName= [ca] default_ca=ca1 [ca1] new_certs_dir=testca/newcerts database=testca/db serial=testca/serial default_md=sha256 email_in_dn=salat policy=ca1_pol #default_days=365 x509_extensions = v3_ca [ v3_ca ] basicConstraints = critical, CA:FALSE keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC [ca1_pol] commonName = optional subjectAltName = optional