[trust_cert]
authorityKeyIdentifier = keyid,issuer
basicConstraints       = CA:FALSE
keyUsage               = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
extendedKeyUsage       = serverAuth,clientAuth,emailProtection
subjectAltName         = @alt_names

[alt_names]