You can configure the file openssl.cnf to support a number of CAs that have different policies for signing CSRs. The -name parameter to the ca command specifies which CA section to use; for example:

  openssl ca -name MyCa ...

This command refers to the CA section [MyCa]. If -name is not supplied to the ca command, the CA section used is the one indicated by the default_ca variable. In the Example openssl.cnf File, this is set to CA_default (which is the name of another section listing the defaults for a number of settings associated with the ca command). Multiple different CAs can be supported in the configuration file, but there can be only one default CA.

Possible [ca] variables include the following:

dir: The location for the CA database. The database is a simple text database containing the following tab-separated fields:

  status: A value of ‘R’ (revoked), ‘E’ (expired) or ‘V’ (valid)
  issued date: When the certificate was certified
  revoked date: When it was revoked, blank if not revoked
  serial number: The certificate serial number
  certificate: Where the certificate is located
  CN: The name of the certificate

certs: Where the issued certificates are kept

The serial number field should be unique, as should the CN/status combination. The ca utility checks these at startup.
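
The uniqueness rules above can be checked offline before the ca utility is run against a database. The following is an added example, not code from OpenSSL or from this page; it also flags rows whose revoked date disagrees with their status. It assumes the six-field layout listed above, and the function names and sample rows are constructed for illustration.

```python
from collections import Counter

# Field order as listed on this page (assumed layout, tab separated).
FIELDS = ("status", "issued", "revoked", "serial", "certificate", "cn")

# Constructed sample database, not taken from a real CA.
SAMPLE_DB = (
    "V\t250101120000Z\t\t01\tcerts/01.pem\tserver.example.test\n"
    "R\t250102120000Z\t250201120000Z\t02\tcerts/02.pem\tclient.example.test\n"
    "V\t250301120000Z\t\t03\tcerts/03.pem\tclient.example.test\n"
    "V\t250302120000Z\t\t03\tcerts/04.pem\tserver.example.test\n"
)

def parse_db(text):
    """Split the database text into one dict per certificate entry."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        row = dict(zip(FIELDS, parts))
        if row["status"] not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: unknown status {row['status']!r}")
        rows.append(row)
    return rows

def check_db(rows):
    """Return a list of problems: duplicate serials, duplicate CN/status pairs,
    and revoked dates that disagree with the status field."""
    problems = []
    serials = Counter(r["serial"].upper() for r in rows)
    pairs = Counter((r["cn"], r["status"]) for r in rows)
    for serial, n in sorted(serials.items()):
        if n > 1:
            problems.append(f"duplicate serial number {serial} ({n} entries)")
    for (cn, status), n in sorted(pairs.items()):
        if n > 1:
            problems.append(f"duplicate CN/status {cn}/{status} ({n} entries)")
    for r in rows:
        # The revoked date is blank unless the entry is revoked.
        if (r["status"] == "R") != bool(r["revoked"]):
            problems.append(f"serial {r['serial']}: revoked date does not match status {r['status']}")
    return problems

if __name__ == "__main__":
    for problem in check_db(parse_db(SAMPLE_DB)):
        print(problem)
```

The same CN may appear once per status, so the revoked and valid entries for client.example.test in the sample do not conflict; only the reused serial and the second valid server.example.test entry are reported.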