1[req] 2encrypt_key = no 3utf8 = yes 4string_mask = utf8only 5prompt = no 6distinguished_name = req_dn 7req_extensions = req_ext 8 9[req_dn] 10commonName = "Intermediate" 11 12[req_ext] 13subjectKeyIdentifier = hash 14keyUsage = critical,keyCertSign,cRLSign 15basicConstraints = critical,CA:true 16 17[ca] 18default_ca = root_ca 19 20[root_ca] 21certificate = out/Intermediate.pem 22new_certs_dir = out 23serial = out/Intermediate.serial 24database = out/Intermediate.db 25unique_subject = no 26default_days = 365 27default_md = sha256 28policy = policy_anything 29email_in_dn = no 30preserve = yes 31name_opt = multiline,-esc_msb,utf8 32cert_opt = ca_default 33copy_extensions = copy 34x509_extensions = signing_ca_ext 35default_crl_days = 30 36crl_extensions = crl_ext 37private_key = keys/Intermediate.key 38 39[policy_anything] 40domainComponent = optional 41countryName = optional 42stateOrProvinceName = optional 43localityName = optional 44organizationName = optional 45organizationalUnitName = optional 46commonName = optional 47emailAddress = optional 48 49[signing_ca_ext] 50subjectKeyIdentifier = hash 51authorityKeyIdentifier = keyid:always 52authorityInfoAccess = @issuer_info 53crlDistributionPoints = @crl_info 54 55[issuer_info] 56caIssuers;URI.0 = http://url-for-aia/Intermediate.cer 57 58[crl_info] 59URI.0 = http://url-for-crl/Intermediate.crl 60 61[crl_ext] 62authorityKeyIdentifier = keyid:always 63authorityInfoAccess = @issuer_info 64 65