1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
| [ CA_default ] req_extensions = v3_req
[ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth
[ v3_server_client ] basicConstraints = critical, CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage = critical, serverAuth, clientAuth crlDistributionPoints = URI:https://example.com/xxx.crl
[ v3_sign ] basicConstraints = critical, CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = critical, digitalSignature extendedKeyUsage = critical, codeSigning
[ v3_ca ] basicConstraints = critical, CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer keyUsage = critical, cRLSign, digitalSignature, keyCertSign crlDistributionPoints=URI:https://example.com/root.crl
[ crl_ext ] authorityKeyIdentifier=keyid:always, issuer:always
|