basicConstraints = CA:true
subjectKeyIdentifier=none
keyUsage = keyCertSign