# for microsoft smart card logon
# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites). This is the digitalSignature flag
+# in RFC5280 terminology.
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing. This is the keyEncipherment flag
+# in RFC5280 terminology.
+encryption_key
+
+
### Other predefined key purpose OIDs
# Whether this certificate will be used for a TLS client
#crl_dist_points = "http://www.getcrl.crl/getcrl/"
# Whether this is a CA certificate or not
-ca
+# ca
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites). This is the digitalSignature flag
+# in RFC5280 terminology.
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing. This is the keyEncipherment flag
+# in RFC5280 terminology.
+encryption_key
# for microsoft smart card logon
# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
encryption_key
# Whether this key will be used to sign other certificates.
-cert_signing_key
+# cert_signing_key
# Whether this key will be used to sign CRLs.
crl_signing_key
#crl_dist_points = "http://www.getcrl.crl/getcrl/"
# Whether this is a CA certificate or not
-ca
+# ca
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites). This is the digitalSignature flag
+# in RFC5280 terminology.
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing. This is the keyEncipherment flag
+# in RFC5280 terminology.
+encryption_key
# for microsoft smart card logon
# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
encryption_key
# Whether this key will be used to sign other certificates.
-cert_signing_key
+# cert_signing_key
# Whether this key will be used to sign CRLs.
crl_signing_key
#crl_dist_points = "http://www.getcrl.crl/getcrl/"
# Whether this is a CA certificate or not
-ca
+# ca
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites). This is the digitalSignature flag
+# in RFC5280 terminology.
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing. This is the keyEncipherment flag
+# in RFC5280 terminology.
+encryption_key
+
# for microsoft smart card logon
# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
encryption_key
# Whether this key will be used to sign other certificates.
-cert_signing_key
+# cert_signing_key
# Whether this key will be used to sign CRLs.
crl_signing_key