-echo "authorityKeyIdentifier=keyid,issuer" > openssl.ext
-echo "basicConstraints=CA:FALSE" >> openssl.ext
-echo "subjectAltName = @alt_names" >> openssl.ext
-echo "[alt_names]" >> openssl.ext
-echo "DNS.1 = localhost" >> openssl.ext
+echo "subjectKeyIdentifier = hash" > x509.ext
+echo "authorityKeyIdentifier = keyid:always,issuer:always" >> x509.ext
+echo "basicConstraints = CA:TRUE" >> x509.ext
+echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign" >> x509.ext
+echo "subjectAltName = DNS.1:localhost, IP.1:127.0.0.1, DNS.2:minikube, IP.2:${IP}, DNS.3:keycloak.default, DNS.4:keycloak.est.tech, DNS.5:keycloak" >> x509.ext
+echo "issuerAltName = issuer:copy" >> x509.ext
+echo "[ ca ]" >> x509.ext
+echo "# X509 extensions for a ca" >> x509.ext
+echo "keyUsage = critical, cRLSign, keyCertSign" >> x509.ext
+echo "basicConstraints = CA:TRUE, pathlen:0" >> x509.ext
+echo "subjectKeyIdentifier = hash" >> x509.ext
+echo "authorityKeyIdentifier = keyid:always,issuer:always" >> x509.ext
+echo "" >> x509.ext
+echo "[ server ]" >> x509.ext
+echo "# X509 extensions for a server" >> x509.ext
+echo "keyUsage = critical,digitalSignature,keyEncipherment" >> x509.ext
+echo "extendedKeyUsage = serverAuth,clientAuth" >> x509.ext
+echo "basicConstraints = critical,CA:FALSE" >> x509.ext
+echo "subjectKeyIdentifier = hash" >> x509.ext
+echo "authorityKeyIdentifier = keyid,issuer:always" >> x509.ext
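Review bot: The unnamed default section written at the top of x509.ext pairs `basicConstraints = CA:TRUE` and `keyCertSign` with the localhost/minikube/keycloak `subjectAltName`. If the signing command (not visible in this hunk) does not pass `-extensions server`, the Keycloak leaf certificate would itself be a CA certificate whose key can issue further trusted certificates. The `[ server ]` section has the opposite gap: it carries no `subjectAltName`, so a certificate built from it would have no SAN, and clients that require one for hostname verification will reject it. I would move the SAN line under `[ server ]` and make the default section non-CA, e.g. `echo "basicConstraints = critical,CA:FALSE" > x509.ext`, with `keyCertSign` dropped from its `keyUsage`. `${IP}` is also expanded unchecked, so an unset value writes an empty `IP.2:` entry; a guard such as `: "${IP:?IP must be set}"` before these lines would fail early instead.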