HOME            = .
RANDFILE        = $ENV::HOME/.rnd

####################################################################
[ req ]
prompt = no
default_bits       = 2048
default_keyfile    = clientkey.pem
distinguished_name = client_distinguished_name
req_extensions     = client_req_extensions
string_mask        = utf8only

####################################################################
[ client_distinguished_name ]
countryName          = DE
organizationName     = Customer X
commonName           = Customer
emailAddress         = test@client.com

####################################################################
[ client_req_extensions ]

subjectKeyIdentifier = hash
basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names
nsComment            = "OpenSSL Generated Certificate"

####################################################################
[ ca ]
default_ca    = CA_default      # The default ca section

[ CA_default ]

default_days     = 1000         # How long to certify for
default_crl_days = 30           # How long before next CRL
default_md       = sha256       # Use public key default MD
preserve         = no           # Keep passed DN ordering

x509_extensions = ca_extensions # The extensions to add to the cert

email_in_dn     = no            # Don't concat the email in the DN
copy_extensions = copy          # Required to copy SANs from CSR to cert
base_dir      = .
certificate   = $base_dir/clientcert.pem   # The CA certifcate
private_key   = $base_dir/clientkey.pem    # The CA private key
new_certs_dir = $base_dir              # Location for new certs after signing
database      = $base_dir/index-ri.txt    # Database index file
serial        = $base_dir/serial-ri.txt   # The current serial number

unique_subject = no  # Set to 'no' to allow creation of
                     # several certificates with same subject.

####################################################################
[ signing_policy ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

####################################################################
[ signing_req ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
# authorityKeyIdentifier = issuer
basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment

####################################################################
[ alternate_names ]

DNS.1  = ramuller.zoo.dynamic.nsn-net.net
DNS.2  = www.client.com
DNS.3  = mail.client.com
DNS.4  = ftp.client.com