basicConstraints = CA:FALSE | |
keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
subjectAltName = DNS:127.0.0.1 | |
# CanSignHttpExchanges extension | |
# https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req | |
1.3.6.1.4.1.11129.2.1.22 = ASN1:NULL |