# default section
.include = CA/private-ca.cnf

[ CA_default ]
default_days	= 365
x509_extensions	= v3_server

[ v3_server ]
subjectAltName		    = DNS:www.example.com
basicConstraints        = critical,CA:false
authorityKeyIdentifier  = keyid:always
crlDistributionPoints   = URI:http://crl.apar.jp/private-ca.crl
authorityInfoAccess     = caIssuers;URI:http://crl.apar.jp/private-ca.crt
extendedKeyUsage        = serverAuth
keyUsage                = critical,digitalSignature,keyEncipherment
subjectKeyIdentifier    = hash