# OpenSSL configuration for a private root CA.
# [ ca ] and the sections it references are read by `openssl ca`;
# [ req ] and the sections it references are read by `openssl req`.

# default section
# Base name of the CA certificate and key files; expanded as $ca_name below.
ca_name = private-ca

[ ca ]
# Section that `openssl ca` uses when no -name option is given.
default_ca = CA_default

[ CA_default ]
# Validity in days of each certificate signed with this section (10950 is
# about 30 years). It applies to every issued certificate, leaf certificates
# included, unless -days is passed at signing time.
default_days = 10950
# Days until the next CRL is due. Clients that cache a CRL until its
# nextUpdate may not see a revocation until the next CRL is published.
default_crl_days = 365

# Working directory of the CA; the relative path is resolved from the
# directory in which openssl is run.
dir = ./CA
certificate = $dir/$ca_name.crt
# CA signing key. Keep $dir/private readable by the CA operator only.
private_key = $dir/private/$ca_name.key
# Text index of issued and revoked certificates.
database = $dir/db/database
# Next certificate serial number and next CRL number.
serial = $dir/db/serial
crlnumber = $dir/db/crlnumber
# Copy of every issued certificate.
new_certs_dir = $dir/newcerts

default_md = sha256
# Allow more than one valid certificate with the same subject, e.g. so that
# a renewal can overlap the certificate it replaces.
unique_subject = no
# Extensions requested in a CSR are ignored, so a requester cannot ask for
# CA:true or extra names. Any extension, subjectAltName included, has to
# come from a CA-side extension section.
# NOTE(review): this section sets no x509_extensions, so certificates are
# issued without extensions unless -extensions or -extfile is passed to
# `openssl ca`. Confirm the signing commands do that.
copy_extensions = none
policy = policy

[ policy ]
# Subject fields accepted from a request: commonName is required, the
# others may be omitted.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 4096
default_md = sha256
# Private keys generated by `openssl req` are passphrase-encrypted unless
# the command line turns encryption off.
encrypt_key = yes
utf8 = yes
string_mask = utf8only
# Take the subject from req_distinguished_name instead of prompting.
prompt = no
distinguished_name = req_distinguished_name
# Extensions placed in the certificate *request*.
# NOTE(review): `openssl req -x509` reads x509_extensions rather than
# req_extensions, and `openssl ca` ignores request extensions because of
# copy_extensions = none above. Confirm that the CA certificate is created
# with these extensions, e.g. by passing -extensions v3_ca when signing.
req_extensions = v3_ca

[ req_distinguished_name ]
# Subject of the CA certificate.
countryName = JP
organizationName = Apar Blog
commonName = Apar Blog Private CA

[ v3_ca ]
# Marks the certificate as a CA. No pathlen is set, so the number of
# subordinate CAs below this one is not limited.
basicConstraints = critical,CA:true
# The CA key may only sign certificates and CRLs.
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash