[ req ]
default_bits        = 2048
default_md          = sha256
default_keyfile     = rootCA.key
distinguished_name  = req_distinguished_name
x509_extensions     = v3_ca
req_extensions      = v3_req
string_mask         = utf8only

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = AT
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Universe

localityName                    = Locality Name (eg, city)
localityName_default            = Milkiway

organizationName                = Organization Name (eg, company)
organizationName_default        = g.raf engineering

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Department of Network and Data Science

commonName                      = Common Name (eg, YOUR name)
commonName_default              = aaa.sunriax.local
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_default            = your@mail.com
emailAddress_max                = 64

[ v3_ca ]

subjectKeyIdentifier     = hash
authorityKeyIdentifier   = keyid:always,issuer:always
basicConstraints         = critical, CA:true, pathlen:0
keyUsage                 = critical, digitalSignature, cRLSign, keyCertSign

[ v3_req ]

subjectKeyIdentifier     = hash
basicConstraints         = critical, CA:false
keyUsage                 = digitalSignature, nonRepudiation, keyEncipherment
extendedKeyUsage         = serverAuth
subjectAltName           = @alternate_names

[ alternate_names ]

DNS.1       = aaa.sunriax.local
DNS.2       = 192.168.0.1
#DNS.3      = ...
#IP.1       = 192.168.0.1
#IP.2       = ...