ca.Policy.order=KeyAlgRule, RSAKeyRule, DefaultValidityRule,
RenewalConstraintsRule, DefaultRenewalValidityRule,
RevocationConstraintsRule, DefaultRevocationRule, NSCertTypeExt,
CMCertKeyUsageExt, RMCertKeyUsageExt, ClientCertKeyUsageExt,
ServerCertKeyUsageExt, ObjSignCertKeyUsageExt,
SubjectKeyIdentifierExt, CertificatePoliciesExt, NSCComment,
OCSPNoCheckExt, OCSPSigningExt, CODESigningExt, GenericASN1Ext,
CRLDistributionPointsExt, SubjectAltNameExt, SigningAlgRule,
AuthorityKeyIdentifierExt, BasicConstraintsExt, UniqueSubjectName,
NameConstraintsExt, PolicyConstraintsExt, SubCANameCheck,
PolicyMappingsExt, IssuerRule