[ ca ] default_ca = myca [ crl_ext ] # issuerAltName=issuer:copy #this would copy the issuer name to altname authorityKeyIdentifier=keyid:always [ myca ] new_certs_dir = /tmp unique_subject = no certificate = root.cer database = certindex private_key = privkey.pem serial = serialfile default_days = 365 default_md = sha1 policy = myca_policy x509_extensions = myca_extensions [ myca_policy ] commonName = supplied stateOrProvinceName = optional countryName = supplied emailAddress = optional organizationName = supplied organizationalUnitName = optional [ myca_extensions ] basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always subjectAltName = IP:10.225.118.120 # Replace this with the IP of your Vault server. keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth