authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
default_days    = 365
[ca]
default_ca = CA_default
[ CA_default ]
dir = ca
certs		= $dir/certsdb
new_certs_dir	= $certs
database	= $dir/index.txt
certificate	= $dir/cacert.pem
private_key	= $dir/private/cakey.pem
serial		= $dir/serial
crldir		= $dir/crl
crlnumber	= $dir/crlnumber
crl		= $crldir/crl.pem
RANDFILE	= $dir/private/.rand
default_md      = sha1
policy          = policy_match
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
localityName            = supplied
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional