[ untrusted_voms ]

default_bits           = 2048
default_keyfile        = ${ENV::CA_NAME}/certs/untrusted_voms.key.pem
distinguished_name     = untrusted_voms_dn
prompt                 = no
encrypt_key            = no
default_md             = sha512
x509_extensions        = untrusted_voms_extensions

[ untrusted_voms_dn ]

C                      = IT
O                      = IGI
CN                     = untrusted-voms.example

[ untrusted_voms_extensions ]

basicConstraints       = critical,CA:FALSE
subjectKeyIdentifier   = hash
keyUsage               = critical, digitalSignature
extendedKeyUsage       = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName         = DNS:untrusted-voms.example