[tls-client-extensions]
basicConstraints = critical, CA:FALSE
-keyUsage = critical, digitalSignature
+keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always