[ ca ]
default_ca = devca

[ crl_ext ]
authorityKeyIdentifier=keyid:always

[ devca ]
new_certs_dir = /tmp
unique_subject = no
certificate = /tmp/root.cer
database = /tmp/certindex
private_key = /tmp/root.key
serial = /tmp/serialfile
default_days = 1
default_md = sha1
policy = devca_policy
x509_extensions = devca_extensions

[ devca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = supplied
emailAddress = optional
organizationName = supplied
organizationalUnitName = optional

[ devca_extensions ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = codeSigning
crlDistributionPoints = URI:http://path.to.crl/devca.crl