diff options
| author | Kim Alvefur <zash@zash.se> | 2015-11-09 14:16:39 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2015-11-09 14:16:39 +0100 |
| commit | 67e6c8ceae722d153207a89bc3c3eca452fa2874 (patch) | |
| tree | 0822c9d13f3cc1adafeca3d49d90d9a3ea9ceb58 /certs | |
| parent | 5f7129b28bf6f6945e035dbac1731e1dc3096978 (diff) | |
| download | prosody-67e6c8ceae722d153207a89bc3c3eca452fa2874.tar.gz prosody-67e6c8ceae722d153207a89bc3c3eca452fa2874.zip | |
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Diffstat (limited to 'certs')
| -rw-r--r-- | certs/openssl.cnf | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/certs/openssl.cnf b/certs/openssl.cnf index 091409c4..ee17b1cf 100644 --- a/certs/openssl.cnf +++ b/certs/openssl.cnf @@ -13,8 +13,8 @@ SRVName = 1.3.6.1.5.5.7.8.7 default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name -req_extensions = v3_extensions -x509_extensions = v3_extensions +req_extensions = certrequest +x509_extensions = selfsigned # ask about the DN? prompt = no @@ -28,16 +28,22 @@ organizationName = Your Organisation organizationalUnitName = XMPP Department emailAddress = xmpp@example.com -[ v3_extensions ] +[ certrequest ] # for certificate requests (req_extensions) -# and self-signed certificates (x509_extensions) basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name +[ selfsigned ] + +# and self-signed certificates (x509_extensions) + +basicConstraints = CA:TRUE +subjectAltName = @subject_alternative_name + [ subject_alternative_name ] # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info. |