# db OpenSSL configuration file.
SAN = "IP:127.0.0.1, IP:172.17.0.1, DNS:host.docker.internal"
dir = .

[ ca ]
default_ca = db_ca

[ db_ca ]
certs            = $dir/certs
certificate      = $dir/certs/ca.crt
crl              = $dir/crl.pem
crl_dir          = $dir/crl
crlnumber        = $dir/crlnumber
database         = $dir/index.txt
email_in_dn      = no
new_certs_dir    = $dir/newcerts
private_key      = $dir/private/ca.key
serial           = $dir/serial
RANDFILE         = $dir/private/.rand
name_opt         = ca_default
cert_opt         = ca_default
default_days     = 3650
default_crl_days = 30
default_md       = sha512
preserve         = no
policy           = policy_db

[ policy_db ]
organizationName = optional
commonName       = supplied

[ req ]
default_bits       = 1024
default_keyfile    = privkey.pem
distinguished_name = req_distinguished_name
attributes         = req_attributes
x509_extensions    = v3_ca
string_mask        = utf8only
req_extensions     = db_client

[ req_distinguished_name ]
countryName                = Country Name (2 letter code)
countryName_default        = US
countryName_min            = 2
countryName_max            = 2
commonName                 = Common Name (FQDN)
0.organizationName         = Organization Name (eg, company)
0.organizationName_default = db-ca

[ req_attributes ]

[ v3_ca ]
basicConstraints       = CA:true
keyUsage               = keyCertSign,cRLSign
subjectKeyIdentifier   = hash

[ db_client ]
basicConstraints       = CA:FALSE
extendedKeyUsage       = clientAuth
keyUsage               = digitalSignature, keyEncipherment

[ db_peer ]
basicConstraints       = CA:FALSE
extendedKeyUsage       = clientAuth, serverAuth
keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = ${ENV::SAN}

[ db_server ]
basicConstraints       = CA:FALSE
extendedKeyUsage       = clientAuth, serverAuth
keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = ${ENV::SAN}