A cursory reading didn't turn up anything obviously wrong or insecure with this setup, with the possible exception of there being insecure defaults in openssl.cnf, which is minimally edited. Would love if anyone else could confirm that!
Other instructions on this site include setting up an intermediate CA using a similar process and details of the signing process. Great info, anyways.
I was having a really hard time last week trying to figure out good settings to pass to OpenSSL in 2014. There are quite a few tutorials over the years, and as an outsider it's really hard to evaluate the relative benefits.
I'd really love to see a continually updated set of best practices for using OpenSSL for a variety of tasks, like creating a CA, intermediate cert, cert for SSL/TLS, etc.
I'm working on a PKI "manual" which will be up soon. I kind of forgot about it, but it details a lot of things about PKI in 2015 and current security best practices. Still has omissions, though, hence why it's not up yet.
[1] https://github.com/rcrowley/certified