# db OpenSSL configuration file. SAN = "IP:127.0.0.1, IP:172.17.0.1, DNS:host.docker.internal" dir = . [ ca ] default_ca = db_ca [ db_ca ] certs = $dir/certs certificate = $dir/certs/ca.crt crl = $dir/crl.pem crl_dir = $dir/crl crlnumber = $dir/crlnumber database = $dir/index.txt email_in_dn = no new_certs_dir = $dir/newcerts private_key = $dir/private/ca.key serial = $dir/serial RANDFILE = $dir/private/.rand name_opt = ca_default cert_opt = ca_default default_days = 3650 default_crl_days = 30 default_md = sha512 preserve = no policy = policy_db [ policy_db ] organizationName = optional commonName = supplied [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca string_mask = utf8only req_extensions = db_client [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US countryName_min = 2 countryName_max = 2 commonName = Common Name (FQDN) 0.organizationName = Organization Name (eg, company) 0.organizationName_default = db-ca [ req_attributes ] [ v3_ca ] basicConstraints = CA:true keyUsage = keyCertSign,cRLSign subjectKeyIdentifier = hash [ db_client ] basicConstraints = CA:FALSE extendedKeyUsage = clientAuth keyUsage = digitalSignature, keyEncipherment [ db_peer ] basicConstraints = CA:FALSE extendedKeyUsage = clientAuth, serverAuth keyUsage = digitalSignature, keyEncipherment subjectAltName = ${ENV::SAN} [ db_server ] basicConstraints = CA:FALSE extendedKeyUsage = clientAuth, serverAuth keyUsage = digitalSignature, keyEncipherment subjectAltName = ${ENV::SAN}