[ expired ]

default_bits           = 2048
default_keyfile        = ${ENV::CA_NAME}/certs/expired.key.pem
distinguished_name     = expired_dn
prompt                 = no
output_password        = pass
default_md             = sha512
x509_extensions        = expired_extensions

[ expired_dn ]

C                      = IT
O                      = IGI
CN                     = Expired

[ expired_extensions ]

basicConstraints       = critical,CA:FALSE
subjectKeyIdentifier   = hash
keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName         = email:expired@cnaf.infn.it