aboutsummaryrefslogtreecommitdiffstats
path: root/certs
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-11-09 14:16:39 +0100
committerKim Alvefur <zash@zash.se>2015-11-09 14:16:39 +0100
commit804359f606cb5b1fa133f895c287fc776816d154 (patch)
tree0822c9d13f3cc1adafeca3d49d90d9a3ea9ceb58 /certs
parent7b773fd7d8c3f0af2fe174a757539f17a987dd46 (diff)
downloadprosody-804359f606cb5b1fa133f895c287fc776816d154.tar.gz
prosody-804359f606cb5b1fa133f895c287fc776816d154.zip
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Diffstat (limited to 'certs')
-rw-r--r--certs/openssl.cnf14
1 files changed, 10 insertions, 4 deletions
diff --git a/certs/openssl.cnf b/certs/openssl.cnf
index 091409c4..ee17b1cf 100644
--- a/certs/openssl.cnf
+++ b/certs/openssl.cnf
@@ -13,8 +13,8 @@ SRVName = 1.3.6.1.5.5.7.8.7
default_bits = 4096
default_keyfile = example.com.key
distinguished_name = distinguished_name
-req_extensions = v3_extensions
-x509_extensions = v3_extensions
+req_extensions = certrequest
+x509_extensions = selfsigned
# ask about the DN?
prompt = no
@@ -28,16 +28,22 @@ organizationName = Your Organisation
organizationalUnitName = XMPP Department
emailAddress = xmpp@example.com
-[ v3_extensions ]
+[ certrequest ]
# for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
[ subject_alternative_name ]
# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.