[ req ]
default_bits        = 2048            # Size of keys
default_keyfile     = privkey.pem     # Default private key file
distinguished_name  = req_distinguished_name
prompt              = no
#string_mask         = utf8
req_extensions      = req_ext          # Extensions to add to certificate requests

[ req_distinguished_name ]
# Modify these for your network
C  = US
ST = Texas
L  = Dallas
O  = Example Corp
OU = Office
CN = example.org
emailAddress = admin@example.org

[ req_ext ]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# this section gets destroyed when creating server ext files
[alt_names]
DNS.1 = mydomain.com
DNS.2 = www.mydomain.com

# used when creating a CA
[ ca ]
default_ca = CA_default

[ CA_default ]
keyUsage = critical, digitalSignature, keyEncipherment
basicConstraints = CA:TRUE

# used when creating a Server Cert
[ server ]
# Extensions for server certificates
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = CA:FALSE  # Specify that this is not a CA