# default section
.include = CA/private-ca.cnf

[ CA_default ]
default_days	= 3650
x509_extensions	= v3_client

[ v3_client ]
basicConstraints        = critical,CA:false
authorityKeyIdentifier  = keyid:always
crlDistributionPoints   = URI:http://crl.apar.jp/private-ca.crl
authorityInfoAccess 	= caIssuers;URI:http://crl.apar.jp/private-ca.crt
extendedKeyUsage        = clientAuth
keyUsage                = critical,digitalSignature
subjectKeyIdentifier    = hash