[ default ]
ca                      = kyouma_Root_CA
default_md              = sha256

[ req ]
utf8                    = yes
prompt                  = no
distinguished_name      = dn
req_extensions          = v3_root_req

[ ca ]
default_ca              = $ca

[ kyouma_Root_CA ]
database                = index.txt
rand_serial             = yes
new_certs_dir           = certs
certificate             = $ca.pem
private_key             = private/$ca.pem

name_opt                = multiline, -esc_msb, utf8
cert_opt                = ca_default

default_days            = 7305
default_crl_days        = 7305

unique_subject          = no
policy                  = policy_match
email_in_dn             = no
preserve                = no

copy_extensions         = none
x509_extensions         = v3_issue
crl_extensions          = v3_crl

[ policy_match ]
commonName              = supplied

[ dn ]
commonName              = kyouma Root CA

[ v3_root ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
basicConstraints        = critical, CA:true
keyUsage                = critical, keyCertSign, cRLSign

[ v3_root_req ]
subjectKeyIdentifier    = hash
basicConstraints        = critical, CA:true
keyUsage                = critical, keyCertSign, cRLSign


[ v3_issue ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
basicConstraints        = critical, CA:true, pathlen:0

[ v3_crl ]
authorityKeyIdentifier  = keyid:always