# OpenSSL configuration for `openssl req`: request defaults, a fixed subject DN
# and an extension section for CA certificates.

# Seed file for the random number generator used when generating keys.
# NOTE(review): the path is relative, so the file is created in whichever
# directory the command is run from; keep it out of shared directories and
# out of version control.
RANDFILE = ./.rnd

# Defaults applied when creating certificate requests.
[ req ]
# Size in bits of newly generated private keys (2048 is the default).
default_bits = 2048
# Digest used to sign the request (sha256 is the default).
default_md = sha256
# Do not prompt for DN fields; the values in the distinguished_name section
# are used exactly as written.
prompt = no
# Request extensions are read from the v3_req section (see man x509v3_config).
# The -reqexts command line switch overrides this.
# NOTE(review): no v3_req section is visible in this part of the file; confirm
# it is defined, otherwise the request extensions cannot be loaded.
req_extensions = v3_req
# Section that stores the subject DN fields.
distinguished_name = req_distinguished_name
# No x509_extensions default is set in this section; the -extensions command
# line switch names the certificate extension section (for example v3_ca below).

# Subject DN fields, kept here so they do not have to be typed each time.
# The long names may be used instead of the abbreviations: commonName,
# countryName, localityName, organizationName, organizationalUnitName,
# stateOrProvinceName.
# The values below are placeholders; replace them before issuing anything
# that will be trusted outside a test setup.
[ req_distinguished_name ]
C = GB
ST = Test State or Province
L = Test Locality
O = Organization Name
OU = Organizational Unit Name
CN = Common Name
emailAddress = test@email.address

# Extensions used when generating a certificate authority (CA) certificate.
[ v3_ca ]
# Subject key identifier derived from a hash of the public key.
subjectKeyIdentifier = hash
# Authority key identifier: "keyid:always" makes generation fail if the key id
# cannot be copied; "issuer:always" always includes the issuer name and serial.
authorityKeyIdentifier = keyid:always,issuer:always
# Marks the certificate as a CA; "critical" means verifiers must process it.
# NOTE(review): there is no pathlen, so the depth of subordinate CAs is not
# limited, and no keyUsage extension is set. CA certificates normally carry
# "keyUsage = critical, keyCertSign, cRLSign"; consider adding both if this
# section is used outside testing.
basicConstraints = critical, CA:true