4 # Use SHA-1 to verify that it does not affect the trust of root certificates.
9 distinguished_name = req_dn
10 req_extensions = req_ext
11 x509_extensions = v3_req_ext
14 0.domainComponent = "COM"
15 1.domainComponent = "EXAMPLE"
16 organizationalUnitName = "Certificate Authority"
17 commonName = "ca.example.com"
18 emailAddress = "ca@example.com"
21 subjectKeyIdentifier = hash
22 #authorityKeyIdentifier = keyid:always,issuer:always
23 basicConstraints = critical,CA:true
24 keyUsage = critical,keyCertSign,cRLSign
27 subjectKeyIdentifier = hash
28 authorityKeyIdentifier = keyid:always,issuer:always
29 basicConstraints = critical,CA:true
30 keyUsage = critical,keyCertSign,cRLSign
31 subjectAltName = email:ca@example.com
32 issuerAltName = issuer:copy