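# Certificate authority definitions, keyed by CA name.
# Layout restored to one entry per line: when the whole mapping sits on a single
# line, the inline "#" comment after message_digest swallows the profiles section
# and the closing braces, so the document no longer parses.
certificate_authorities: {
  test_ca: {
    # CA certificate and the private key that signs with it. Anyone who can read
    # the key file can issue certificates under this CA, so restrict its file
    # permissions to the account that runs the signing service.
    ca_cert: {
      cert: "test_ca.cer",
      key: "test_ca.key"
    },
    # CRL distribution point (CDP) URI for this CA.
    cdp_location: 'URI:http://crl.domain.com/test_ca.crl',
    # Digest used for signatures. SHA1, SHA256 and SHA512 are supported; MD5 too,
    # but you really shouldn't use that unless you have a good reason.
    # Changed from SHA1 to SHA256: SHA-1 is collision-prone and certificates signed
    # with it are rejected by mainstream browsers. Set SHA1 only for a legacy
    # relying party that cannot validate SHA-2 signatures.
    message_digest: 'SHA256',
    # Issuance profiles, keyed by profile name.
    profiles: {
      server: {
        # CA:FALSE marks issued certificates as end-entity, so they cannot be used
        # to sign further certificates.
        basic_constraints: "CA:FALSE",
        key_usage: [digitalSignature,keyEncipherment],
        # serverAuth limits the certificate to TLS server authentication.
        extended_key_usage: [serverAuth],
        # Policy OID and CPS pointer. NOTE(review): these look like sample values;
        # confirm they are replaced with the organisation's own before real issuance.
        certificate_policies: [
          [ "policyIdentifier=2.16.840.1.9999999999.1.2.3.4.1", "CPS.1=http://example.com/cps"]
        ]
      }
    }
  }
}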