basicConstraints = critical,CA:false
keyUsage=critical,digitalSignature
subjectKeyIdentifier=hash