# OpenSSL configuration file.

[ req ]
# Options for the `req` tool (`man req`).
default_bits        = 2048
distinguished_name  = req_distinguished_name
prompt              = no
# SHA-1 is deprecated, so use SHA-2 instead.
default_md          = sha256
# Extension to add when the -x509 option is used.
x509_extensions     = v3_ca
# Try to force use of PrintableString throughout
string_mask         = pkix

[ req_distinguished_name ]
C=GB
ST=London
L=London
O=Google
OU=Eng
CN=TestGossiperRoot

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:3
keyUsage = critical, keyCertSign
extendedKeyUsage = 1.3.6.1.4.1.11129.2.4.6