openssl_conf = openssl_init

[openssl_init]
providers = provider_section

[provider_section]
default = default_section
tpm2 = tpm2_section
base = base_section

[default_section]
activate = 1

[tpm2_section]
activate = 1

[base_section]
activate = 1

[tpm2tss_section]
engine_id = tpm2tss
dynamic_path = /usr/lib/engines-3/libtpm2tss.so
init = 1

[req_root]
distinguished_name = req_dn_root
utf8 = yes
prompt = no
req_extensions = v3_root

[req_ca]
distinguished_name = req_dn_ca
utf8 = yes
prompt = no
req_extensions = v3_ca

[req_server]
distinguished_name = req_dn_server
utf8 = yes
prompt = no
req_extensions = v3_server

[req_dn_root]
C = GB
O = Pionix
L = London
CN = Root Trust Anchor

[req_dn_ca]
C = GB
O = Pionix
L = London
CN = Intermediate CA

[req_dn_server]
C = GB
O = Pionix
L = London
CN = 00000000

[v3_root]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical, CA:true, pathlen:2
keyUsage = keyCertSign, cRLSign

[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical, CA:true
keyUsage = keyCertSign, cRLSign

[v3_server]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
keyUsage = digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = IP:192.168.240.1, DNS:pionix.com