# This file contains the configuration for all the CAs.

[ req ]
prompt                 = no

# Extensions for CA certs
[ v3_ca ]
basicConstraints = CA:true

# Root CA, used to sign the certificates of the intermediary server and
# client CAs.
[ root_ca ]
dir = ./ssl/
database = ./ssl/root_ca-certindex
serial = ./ssl/root_ca.srl
default_md = sha256
default_days= 10000
default_crl_days= 10000
certificate = ./ssl/root_ca.crt
private_key = ./ssl/root_ca.key
new_certs_dir = ./ssl/new_certs_dir
policy					= policy_match
email_in_dn				= no

# CA used to sign all the server certificates.
[ server_ca ]
dir = ./ssl/
database = ./ssl/server_ca-certindex
default_md = sha256
default_days= 10000
default_crl_days= 10000
certificate = ./ssl/server_ca.crt
private_key = ./ssl/server_ca.key
new_certs_dir = ./ssl/new_certs_dir
serial = ./ssl/server_ca.srl
policy					= policy_match
email_in_dn				= no
unique_subject = no
crl = ./ssl/server.crl

# CA used to sign all the client certificates.
[ client_ca ]
dir = ./ssl/
database = ./ssl/client_ca-certindex
default_md = sha256
default_days= 10000
default_crl_days= 10000
certificate = ./ssl/client_ca.crt
private_key = ./ssl/client_ca.key
new_certs_dir = ./ssl/new_certs_dir
serial = ./ssl/client_ca.srl
policy					= policy_match
email_in_dn				= no
unique_subject = no
crl = ./ssl/client.crl

# This is common for all CAs.
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional