[ ca ]
default_ca             = ca_default

[ ca_default ]
certificate            = crts/ca.crt
private_key            = keys/ca.key
serial                 = txt/ca.srl
database               = txt/ca.idx
#new_certs_dir          = signed
new_certs_dir          = crts
#default_md             = default
default_md             = sha512
policy                 = policy_anything
preserve               = yes
default_days           = 90
unique_subject         = no

[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = optional
emailAddress           = optional

[ cross ]
basicConstraints       = critical,CA:true
keyUsage               = critical,cRLSign,keyCertSign

[ codesigning ]
keyUsage                = digitalSignature
extendedKeyUsage        = codeSigning