1[req]
2default_bits = {{DEFUALT_BITS}}
3default_md = {{DEFAULT_MD}}
4distinguished_name = dn
5prompt = no
6encrypt_key = no
7
8[dn]
9CN = {{SPIFFE_PATH}}.{{TRUST_DOMAIN_FQDN}}
10OU = {{ORGANIZATIONAL_UNIT}}
11O = {{ORGANIZATION}}
12
13[v3-root]
14subjectKeyIdentifier=hash
15authorityKeyIdentifier=keyid:always,issuer:always
16basicConstraints=critical,CA:TRUE
17keyUsage=critical,keyCertSign,cRLSign
18subjectAltName=URI:spiffe://root
19
20[v3-intermediate]
21subjectKeyIdentifier=hash
22authorityKeyIdentifier=keyid:always,issuer:always
23basicConstraints=critical,CA:TRUE
24keyUsage=critical,keyCertSign,cRLSign
25subjectAltName=URI:spiffe://{{TRUST_DOMAIN_FQDN}}
26
27
28[v3-leaf]
29subjectAltName=critical,URI:spiffe://{{TRUST_DOMAIN_FQDN}}/{{SPIFFE_PATH}}
30keyUsage = critical,digitalSignature,keyEncipherment,nonRepudiation
31basicConstraints = CA:falseView as plain text