# UTF-8 encoded RANDFILE = /dev/urandom [ req ] default_bits = 4096 default_keyfile = privkey.pem encrypt_key = yes default_md = sha1 string_mask = utf8only utf8 = yes prompt = no distinguished_name = req_distinguished_name [ req_distinguished_name ] organizationName = 填写你自己的组织名 [ ca ] default_ca = CA_default [ CA_default ] dir = /etc/openssl certificate = $dir/cacert.pem private_key = $dir/private/cakey.pem serial = $dir/serial new_certs_dir = $dir/newcerts certs = $dir/certs database = $dir/index.txt crl = $dir/crl.pem crl_dir = $dir/crl unique_subject = yes default_md = sha1 preserve = no name_opt = ca_default cert_opt = ca_default default_days = 365 default_crl_days = 30 copy_extensions = none policy = policy_match [ policy_match ] organizationName = match