Signing a certificate with my CA

Question

On running:

openssl ca -in ${ALIAS}.csr -out user-cert.pem -keyfile cacert-private.pem -cert cacert.pem -passin pass:$PASSWD -config ${CONFIG}

Answer 1

^{Promoting mbrownnyc's comment to an answer, as it was useful to me and deserves more attention.}

I believe /usr/ssl/openssl.cnf contains a policy called policy_anything that contains the above setup. You can use it by utilizing the policy argument as follows:

openssl ca -policy policy_anything -days 365 -out /root/ca/certs/out.pem -in certreq.csr