[ req ]
default_bits           = 2048
encrypt_key            = yes
distinguished_name     = req_dn
prompt                 = no
x509_extensions        = usr_cert

[ req_dn ]
C                      = ch
O                      = DIRAC
OU                     = DIRAC CI
CN                     = DIRACDockerDevBox
emailAddress           = DIRACDockerDevBox@diracgrid.org

[ usr_cert ]
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "OpenSSL Generated Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
