davxiao · October 11, 2020 02:57
diff --git a/ca.conf b/ca.conf
 [ ca ]
 default_ca = ca_default

 [ ca_default ]
 dir = ./ca
 certs = $dir
 new_certs_dir = $dir/ca.db.certs
 database = $dir/ca.db.index
 serial = $dir/ca.db.serial
 RANDFILE = $dir/ca.db.rand
 certificate = $dir/ca.crt
 private_key = $dir/ca.key
 default_days = 365
 default_crl_days = 30
 # SHA-1 is deprecated, so use SHA-2 instead.
 default_md = sha256
 preserve = no
 policy = generic_policy

 [ generic_policy ]
 countryName = optional
 stateOrProvinceName = optional
 localityName = optional
 organizationName = optional
 organizationalUnitName = optional
 commonName = optional
 emailAddress = optional

 [ req ]
 # Options for the `req` tool (`man req`).
 default_bits = 2048
 string_mask = utf8only

 # SHA-1 is deprecated, so use SHA-2 instead.
 default_md = sha256

 # Extension to add when the -x509 option is used.
 x509_extensions = v3_ca
	[ ca ]
	default_ca = ca_default

	[ ca_default ]
	dir = ./ca
	certs = $dir
	new_certs_dir = $dir/ca.db.certs
	database = $dir/ca.db.index
	serial = $dir/ca.db.serial
	RANDFILE = $dir/ca.db.rand
	certificate = $dir/ca.crt
	private_key = $dir/ca.key
	default_days = 365
	default_crl_days = 30
	# SHA-1 is deprecated, so use SHA-2 instead.
	default_md = sha256
	preserve = no
	policy = generic_policy

	[ generic_policy ]
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = optional
	emailAddress = optional

	[ req ]
	# Options for the `req` tool (`man req`).
	default_bits = 2048
	string_mask = utf8only

	# SHA-1 is deprecated, so use SHA-2 instead.
	default_md = sha256

	# Extension to add when the -x509 option is used.
	x509_extensions = v3_ca