1 basicConstraints = CA:false
2 nsCertType = client, server
3 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
4 extendedKeyUsage = clientAuth, serverAuth
6 subjectKeyIdentifier = hash
7 authorityKeyIdentifier = keyid, issuer:always
8 subjectAltName = @subject_alt_name
9 issuerAltName = issuer:copy
10 nsCaRevocationUrl = %(crl_url)s
11 nsRevocationUrl = %(crl_url)s
12 crlDistributionPoints = @cdp_section