openssl_conf = openssl_init

[openssl_init]
providers = provider_section

[provider_section]
default = default_section
tpm2 = tpm2_section
base = base_section

[default_section]
activate = 1

[tpm2_section]
activate = 1

[base_section]
activate = 1

# server section
# ==============
[req_server_root]
distinguished_name = req_dn_server_root
utf8 = yes
prompt = no
req_extensions = v3_server_root

[req_server_ca]
distinguished_name = req_dn_server_ca
utf8 = yes
prompt = no
req_extensions = v3_server_ca

[req_server]
distinguished_name = req_dn_server
utf8 = yes
prompt = no
req_extensions = v3_server

[req_dn_server_root]
C = GB
O = Pionix
L = London
CN = Root Trust Anchor

[req_dn_server_ca]
C = GB
O = Pionix
L = London
CN = Intermediate CA

[req_dn_server]
C = GB
O = Pionix
L = London
CN = 00000000

[req_dn_client]
C = GB
O = Pionix
L = London
CN = 12345678

[v3_server_root]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical, CA:true, pathlen:2
keyUsage = keyCertSign, cRLSign

[v3_server_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical, CA:true
keyUsage = keyCertSign, cRLSign

[v3_server]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
keyUsage = digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = IP:192.168.245.1, DNS:evse.pionix.de

# client section
# ==============
[req_client]
distinguished_name = req_dn_client
utf8 = yes
prompt = no
req_extensions = v3_client

[req_client_root]
distinguished_name = req_dn_client_root
utf8 = yes
prompt = no
req_extensions = v3_client_root

[req_client_ca]
distinguished_name = req_dn_client_ca
utf8 = yes
prompt = no
req_extensions = v3_client_ca

[req_server]
distinguished_name = req_dn_server
utf8 = yes
prompt = no
req_extensions = v3_server

[req_dn_client_root]
C = DE
O = Pionix
L = Frankfurt
CN = Root Trust Anchor

[req_dn_client_ca]
C = DE
O = Pionix
L = Frankfurt
CN = Intermediate CA

[req_dn_client]
C = DE
O = Pionix
L = Frankfurt
CN = 12345678

[v3_client_root]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical, CA:true, pathlen:2
keyUsage = keyCertSign, cRLSign

[v3_client_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical, CA:true
keyUsage = keyCertSign, cRLSign

[v3_client]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
keyUsage = digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = clientAuth