The policy variable specifies the default policy section to use if the
-policy argument is not supplied to the ca command. The CA policy section
of a configuration file identifies the requirements for the contents of a
certificate request which must be met before it is signed by the CA.
There are two policy sections defined in the Example openssl.cnf File:
policy_match and policy_anything.
The policy_match section of the example openssl.cnf file specifies the
order of the attributes in the generated certificate as follows:
countryName
stateOrProvinceName
organizationName
organizationalUnitName
commonName
emailAddress
Consider the following value:
countryName = match
This means that the country name in the certificate request must match the
country name in the CA certificate.
Consider the following value:
organizationalUnitName = optional
This means that the organizationalUnitName does not have to be present.
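The following is an added example, not taken from the example openssl.cnf file or from OpenSSL itself: a small Python model of how a policy section is applied to a request's subject. It goes slightly beyond the two values shown above by also handling OpenSSL's third policy value, supplied. Apart from countryName and organizationalUnitName, the policy values and all subjects are constructed assumptions.

```python
# Added illustration of CA policy semantics (match / supplied / optional).
# Not OpenSSL's own code; values are compared with plain string equality.

# Constructed sample policy in the attribute order listed on the page.
# Only the countryName and organizationalUnitName values come from the page.
POLICY_MATCH = [
    ("countryName", "match"),
    ("stateOrProvinceName", "match"),
    ("organizationName", "match"),
    ("organizationalUnitName", "optional"),
    ("commonName", "supplied"),
    ("emailAddress", "optional"),
]

# Constructed sample subjects.
CA_SUBJECT = {"countryName": "GB", "stateOrProvinceName": "Berkshire",
              "organizationName": "Example Ltd", "commonName": "Example CA"}
GOOD_REQ = {"countryName": "GB", "stateOrProvinceName": "Berkshire",
            "organizationName": "Example Ltd", "localityName": "Reading",
            "commonName": "www.example.com"}
BAD_REQ = {"countryName": "US", "stateOrProvinceName": "Berkshire",
           "organizationName": "Example Ltd"}


def apply_policy(policy, ca_subject, req_subject):
    """Return (issued_subject, errors); issued_subject is None on rejection."""
    issued, errors = [], []
    for attr, rule in policy:
        value = req_subject.get(attr)
        if rule == "match":
            if value is None:
                errors.append(f"{attr}: missing, must match the CA certificate")
            elif value != ca_subject.get(attr):
                errors.append(f"{attr}: {value!r} does not match the CA certificate")
        elif rule == "supplied":
            if value is None:
                errors.append(f"{attr}: must be supplied")
        elif rule != "optional":
            raise ValueError(f"unknown policy value {rule!r} for {attr}")
        # Attributes are emitted in policy order; request attributes that the
        # policy does not mention (localityName here) are not copied.
        if value is not None:
            issued.append((attr, value))
    return (None, errors) if errors else (issued, [])


if __name__ == "__main__":
    print(apply_policy(POLICY_MATCH, CA_SUBJECT, GOOD_REQ))
    print(apply_policy(POLICY_MATCH, CA_SUBJECT, BAD_REQ))
```
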