# JS 2024-02-08
# - doplnenie rozsirujucich parametrov pre CA certifikaty podla standardu
# x509v3, ktory sa v OpenSSL 3.2 vyuzíva by default
# - parameter 'basicConstraints = CA:true' musi byt definovany!
# 
# Viac informacii:
# https://www.openssl.org/docs/manmaster/man5/x509v3_config.html

[req]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca

[req_distinguished_name]
C = US
ST = Fake State
L = Fake Locality
O = Fake Company
# OU = Org Unit Name
# emailAddress = info@example.com
CN = local.dev

[ v3_ca ]
basicConstraints = critical, CA:true
#subjectKeyIdentifier = hash
#authorityKeyIdentifier = keyid:always,issuer
#keyUsage = critical, digitalSignature, cRLSign, keyCertSign