[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
dirstring_type = nobmp

[ req_distinguished_name ]
commonName = caRoot
commonName_default = root

[ v3_ca ]
keyUsage = critical, keyCertSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical, CA:TRUE, pathlen:1
extendedKeyUsage = serverAuth