[ ca ]
default_ca               = CA_default
[ CA_default ]
dir                      = /etc/openvpn/easy-rsa/keys
crl_dir                  = $dir/crl
database                 = $dir/index.txt
new_certs_dir            = $dir/certs
certificate              = $dir/ca.crt
serial                   = $dir/serial
crl                      = $dir/crl.pem
private_key              = $dir/ca.key
RANDFILE                 = $dir/.rand
default_days             = 3650
default_crl_days         = 30
default_md               = md5
unique_subject           = yes
policy                   = policy_any
x509_extensions          = user_extensions
[ policy_any ]
organizationName         = match
organizationalUnitName   = optional
commonName               = supplied
[ req ]
default_bits             = 2048
default_keyfile          = privkey.pem
distinguished_name       = req_distinguished_name
x509_extensions          = CA_extensions
[ req_distinguished_name ]
organizationName         = Organization Name (must match CA)
organizationName_default = Company
organizationalUnitName   = Location Name
commonName               = Common User or Org Name
commonName_max           = 64
[ user_extensions ]
basicConstraints         = CA:FALSE
[ CA_extensions ]
basicConstraints         = CA:TRUE
default_days             = 3650
[ server ]
basicConstraints         = CA:FALSE
nsCertType               = server