[ exts ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always, issuer
basicConstraints       = critical, CA:true
keyUsage               = keyCertSign, cRLSign, digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage 		= serverAuth, clientAuth, anyExtendedKeyUsage