[ ca ]
default_ca      = CA_default

[ CA_default ]
dir              = --CA_DIR--
certs            = $dir/certs
crl_dir          = $dir/crl
database         = $dir/index.txt
unique_subject  = no
new_certs_dir    = $dir/newcerts
certificate      = $dir/cert.pem
serial           = $dir/serial
crlnumber        = $dir/crlnumber
crl              = $dir/crl.pem
private_key      = $dir/key.pem
RANDFILE         = $dir/.rand
default_days     = 365     # how long to certify for
default_crl_days = 30      # how long before next CRL
default_md       = sha1      # which md to use.
x509_extensions  = usr_cert

[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[ usr_cert ]
basicConstraints       = CA:FALSE
nsCertType             = server
nsComment              = "OpenSSL Generated Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName         = --DOMAINS--