[ca] default_ca = CA_default [CA_default] dir = ./ database = $dir/index.txt new_certs_dir = ./ serial = $dir/serial private_key = ./rootca.key certificate = ./rootca.crt default_days = 3650 default_md = sha256 policy = policy_anything copy_extensions = copyall [policy_anything] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = v3_req [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = Common Name (e.g. server FQDN or YOUR name) [ v3_req ] subjectAltName = @alternate_names [alternate_names] DNS.1 = helm.sh IP.1 = 127.0.0.1