- authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
- crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/crl.pem
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps