[ req ] prompt = no distinguished_name = req_distinguished_name x509_extensions = v3_ca [ req_distinguished_name ] C = ${CA_COUNTRYCODE} ST = ${CA_STATEORTERRITORY} L = ${CA_LOCATION} O = ${CA_ORGNAME} [v3_ca] subjectKeyIdentifier = hash basicConstraints = critical,CA:TRUE keyUsage = cRLSign, keyCertSign nameConstraints = permitted;DNS:272254864.xyz