crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir
-certificate = $dir/server.pem
+certificate = $dir/ca.pem
serial = $dir/serial
crl = $dir/crl.pem
-private_key = $dir/server.key
+private_key = $dir/ca.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
default_bits = 2048
input_password = whatever
output_password = whatever
+x509_extensions = v3_ca
[certificate_authority]
countryName = FR
organizationName = Example Inc.
emailAddress = admin@example.com
commonName = "Example Certificate Authority"
+
+[v3_ca]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = CA:true