# OpenSSL configuration file. [ req ] # Options for the `req` tool (`man req`). default_bits = 2048 distinguished_name = req_distinguished_name prompt = no # SHA-1 is deprecated, so use SHA-2 instead. default_md = sha256 # Try to force use of PrintableString throughout string_mask = pkix [ req_distinguished_name ] C=GB ST=London L=London O=Google OU=Eng CN=FakeIntermediateAuthority [ v3_user ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, encipherOnly, decipherOnly [ v3_user_serverAuth ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, encipherOnly, decipherOnly extendedKeyUsage = serverAuth [ v3_user_plus ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, encipherOnly, decipherOnly extendedKeyUsage = serverAuth,2.16.840.1.113741.1.2.3