+# vim: ft=cfg
+[ req ]
+ default_bits = 4096
+ default_md = sha512
+ distinguished_name = distinguished_name
+ prompt = no
+ req_extensions = extensions
+ utf8 = yes
+[ distinguished_name ]
+ countryName = FR
+ #stateOrProvinceName =
+ #localityName =
+ 0.organizationName = L’Heureux Cyclage
+ organizationalUnitName = public
+ commonName = *.heureux-cyclage.org
+ # NOTE: wildcard certificate (more expen$ive)
+[ extensions ]
+ basicConstraints = critical,CA:FALSE
+ # NOTE: this is not a Certificate Authority,
+ # but only a leaf certificate, and thus
+ # does not allow user certificates.
+ keyUsage = keyEncipherment, keyAgreement
+ subjectAltName = email:admin@heureux-cyclage.org
+ subjectKeyIdentifier = hash