<?xml version="1.0" ?> <!-- PKI X509 PROFILE --> <pki:profile xmlns:pki="http://www.openca.org/openca/pki/1/0/0"> <!-- Name of the Service --> <pki:name>Server</pki:name> <pki:subject> <pki:cn required="yes" max="1" min="1" /> <pki:ou required="no" max="5" /> <pki:o required="yes" max="1" min="1">OpenCA</pki:o> <pki:c required="yes" max="1" min="1">US</pki:c> </pki:subject> <pki:validity> <pki:years>2</pki:years> <pki:days>0</pki:days> <pki:hours>0</pki:hours> <pki:minutes>0</pki:minutes> </pki:validity> <pki:extensions> <!-- Basic Constrains (CA or not CA) Required by some Software --> <pki:extension name="basicConstraints" crtitical="yes" type="standard"> CA:FALSE </pki:extension> <pki:extension critical="no" name="keyUsage" type="standard"> nonRepudiation,digitalSignature,keyEncipherment </pki:extension> <!-- Old Netscape extension --> <pki:extension critical="no" name="nsCertType" type="private"> client,email </pki:extension> <pki:extension critical="no" name="extendedKeyUsage" type="standard"> clientAuth,emailProtection,1.3.6.1.4.1.311.20.2.2 </pki:extension> <pki:extension critical="no" name="subjectKeyIdentifier" type="standard"> hash </pki:extension> <pki:extension name="authorityKeyIdentifier" type="standard"> keyid,issuer:always </pki:extension> <pki:extension name="subjectAltName" type="standard"> env:subjectAltName </pki:extension> <pki:extension name="crlDistributionPoints" type="pkix"> env:cdp </pki:extension> </pki:extensions> </pki:profile>