{
  "signing": {
    "profiles": {
      "subca": {
        "usages": ["digital signing", "crl sign", "cert sign", "ospf signing"],
        "ca_constraint": { "is_ca": true, "max_path_len": 0, "max_path_len_zero": true },
        "expiry": "430000h"
      }
    },
    "default": {
      "usages": ["digital signature", "key encipherment", "server auth", "client auth"],
      "expiry": "394200h"
    }
  }
}