[v3_ca]
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash

[v3_usr]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, emailProtection
subjectKeyIdentifier = hash