Shammer's Philosophy

My private adversaria

Generate a root CA certificate whose extensions are equivalent to those of DigiCert Global Root CA

This article follows on from My CA preparation supporting OCSP - Shammerism.
The first step is to build my own root CA. Article title includes
But the root CA is simple, because neither CRL Distribution Points nor AIA is needed when generating a root CA.
Those are required when signing an intermediate CA with a root CA certificate.

So the openssl config for generating the root CA certificate requires no modification.
I generated the root CA cert with the following conf file.

[ default ]
dir              = .
name_opt         = multiline,-esc_msb,utf8
distinguished_name = ca_dn
prompt = no

[ ca_dn ]
countryName             = "JP"
stateOrProvinceName     = "Kanagawa"
localityName            = "Yokohama"
organizationName        = "TotoRiotto"
commonName              = "TotoRiotto Root CA"

[ req ]
x509_extensions = x509_extensions

[ x509_extensions ]
keyUsage                = critical,keyCertSign,cRLSign,digitalSignature
basicConstraints        = critical,CA:true
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always

Then, the openssl command is below.

openssl req -x509 -config generate-root-ca.conf -sha256 -nodes -newkey rsa:2048 -keyout TotoRiottoRootCA/private/ca.key -out TotoRiottoRootCA/cacert.pem -days 3650
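
To confirm that the generated certificate really carries the extensions from the [ x509_extensions ] section, the text dump of the certificate can be checked mechanically. The script below is an added example, not part of the original article; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the text dump from `openssl x509 -noout -text` against
# the [ x509_extensions ] section of generate-root-ca.conf.
check_root_ca_ext() {
    dump=$(cat); rc=0
    # Print the line that follows extension header $1, whitespace removed.
    value_after() {
        printf '%s\n' "$dump" |
            awk -v h="$1" 'f { gsub(/[ \t]/, ""); print; exit } index($0, h) { f = 1 }'
    }
    fail() { echo "FAIL: $1"; rc=1; }
    # keyUsage = critical,keyCertSign,cRLSign,digitalSignature
    ku=$(value_after 'X509v3 Key Usage: critical')
    for bit in DigitalSignature CertificateSign CRLSign; do
        case ",$ku," in *",$bit,"*) ;; *) fail "keyUsage: critical $bit missing" ;; esac
    done
    # basicConstraints = critical,CA:true
    case $(value_after 'X509v3 Basic Constraints: critical') in
        CA:TRUE*) ;; *) fail "basicConstraints: critical CA:TRUE missing" ;;
    esac
    # subjectKeyIdentifier = hash, authorityKeyIdentifier = keyid:always.
    # Some OpenSSL versions print "keyid:" before the AKI value, others omit it.
    ski=$(value_after 'X509v3 Subject Key Identifier')
    aki=$(value_after 'X509v3 Authority Key Identifier')
    aki=${aki#keyid:}
    [ -n "$ski" ] || fail "subjectKeyIdentifier missing"
    [ -n "$aki" ] && [ "$aki" = "$ski" ] || fail "authorityKeyIdentifier does not match SKI"
    return $rc
}
# Constructed sample dump (the key identifier is a made-up value).
sample_ok() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44
            X509v3 Authority Key Identifier:
                keyid:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44
EOF
}
# Same dump with the critical flag dropped from Key Usage.
sample_noncritical() { sample_ok | sed 's/Key Usage: critical/Key Usage:/'; }

# Run against a real certificate when a path is given as $1.
if [ -f "${1:-}" ]; then openssl x509 -in "$1" -noout -text | check_root_ca_ext; fi
```

Saved under a name of your choice and run with TotoRiottoRootCA/cacert.pem as its argument, it prints nothing and exits 0 when every extension matches the config.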

The next step is to create the config file for generating the intermediate CA certificate.