# OpenSSL configuration file.

[ req ]
# Options for the `req` tool (`man req`).
default_bits        = 2048
distinguished_name  = req_distinguished_name
prompt              = no
# SHA-1 is deprecated, so use SHA-2 instead.
default_md          = sha256
# Try to force use of PrintableString throughout
string_mask         = pkix

[ req_distinguished_name ]
C=GB
ST=London
L=London
O=Google
OU=Eng
CN=FakeIntermediateAuthority

[ v3_user ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, encipherOnly, decipherOnly

[ v3_user_serverAuth ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, encipherOnly, decipherOnly
extendedKeyUsage = serverAuth

[ v3_user_plus ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, encipherOnly, decipherOnly
extendedKeyUsage = serverAuth,2.16.840.1.113741.1.2.3