15 new_certs_dir=testca/newcerts
22 x509_extensions = v3_ca
28 basicConstraints = critical, CA:FALSE
29 keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement
30 extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC
35 subjectAltName = optional