[ca]
default_ca = CA_default

[CA_default]
dir = ./
database = $dir/index.txt
new_certs_dir = ./
serial = $dir/serial
private_key = ./rootca.key
certificate = ./rootca.crt
default_days = 3650
default_md = sha256
policy = policy_anything
copy_extensions = copyall

[policy_anything]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions    = v3_req

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
stateOrProvinceName         = State or Province Name (full name)
localityName               = Locality Name (eg, city)
organizationName           = Organization Name (eg, company)
commonName                 = Common Name (e.g. server FQDN or YOUR name)

[ v3_req ]
subjectAltName = @alternate_names

[alternate_names]
DNS.1   = helm.sh
IP.1    = 127.0.0.1