[req] distinguished_name=dn #req_extensions=ext [dn] [ext] subjectAltName= [ca] default_ca=ca1 [ca1] new_certs_dir=newcerts database=db serial=serial default_md=sha256 email_in_dn=salat policy=ca1_pol #default_days=365 x509_extensions = v3_ca [ v3_ca ] basicConstraints = critical, CA:FALSE keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC [ca1_pol] commonName = optional subjectAltName = optional organizationName = optional organizationalUnitName = optional emailAddress = optional