aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-11-09 14:16:39 +0100
committerKim Alvefur <zash@zash.se>2015-11-09 14:16:39 +0100
commita0619f9361cf62f6a26dcf3bccbc09097071c7bb (patch)
tree0822c9d13f3cc1adafeca3d49d90d9a3ea9ceb58
parentb5541c402f33ec62d405594d306dba4d53363351 (diff)
downloadprosody-a0619f9361cf62f6a26dcf3bccbc09097071c7bb.tar.gz
prosody-a0619f9361cf62f6a26dcf3bccbc09097071c7bb.zip
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
-rw-r--r--certs/openssl.cnf14
1 files changed, 10 insertions, 4 deletions
diff --git a/certs/openssl.cnf b/certs/openssl.cnf
index 091409c4..ee17b1cf 100644
--- a/certs/openssl.cnf
+++ b/certs/openssl.cnf
@@ -13,8 +13,8 @@ SRVName = 1.3.6.1.5.5.7.8.7
default_bits = 4096
default_keyfile = example.com.key
distinguished_name = distinguished_name
-req_extensions = v3_extensions
-x509_extensions = v3_extensions
+req_extensions = certrequest
+x509_extensions = selfsigned
# ask about the DN?
prompt = no
@@ -28,16 +28,22 @@ organizationName = Your Organisation
organizationalUnitName = XMPP Department
emailAddress = xmpp@example.com
-[ v3_extensions ]
+[ certrequest ]
# for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
[ subject_alternative_name ]
# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.