[ default ]
ca                      = kyouma_Issuing_CA
default_md              = sha256

[ req ]
utf8                    = yes
prompt                  = no
distinguished_name      = dn
req_extensions          = v3_issue_req

[ ca ]
default_ca              = $ca

[ kyouma_Issuing_CA ]
database                = index.txt
rand_serial             = yes
new_certs_dir           = certs
certificate             = ./$ca.pem
private_key             = private/$ca.pem

name_opt                = multiline, -esc_msb, utf8
cert_opt                = ca_default

default_days            = 7305
default_crl_days        = 7305

unique_subject          = no
policy                  = policy_match
email_in_dn             = no
preserve                = no

copy_extensions         = copy
x509_extensions         = v3_cert
crl_extensions          = v3_crl

[ policy_match ]
commonName              = supplied
UID                     = supplied

[ dn ]
commonName              = kyouma Issuing CA

[ v3_issue_req ]
subjectKeyIdentifier    = hash
basicConstraints        = critical, CA:true, pathlen:0

[ v3_cert ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
basicConstraints        = critical, CA:false
keyUsage                = critical, digitalSignature
extendedKeyUsage        = clientAuth, anyExtendedKeyUsage

[ v3_crl ]
authorityKeyIdentifier  = keyid:always