./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \
server-pss-restrict-cert rootkey rootcert
+openssl req -new -noenc -subj "/CN=Client-RSA-PSS" \
+ -newkey rsa-pss -keyout client-pss-restrict-key.pem \
+ -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \
+ ./mkcert.sh geneenocsr -p clientAuth "Client RSA-PSS restricted cert" \
+ client-pss-restrict-cert rootkey rootcert
+
# CT entry
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key