aboutsummaryrefslogtreecommitdiffstats
path: root/certs
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-11-09 14:16:39 +0100
committerKim Alvefur <zash@zash.se>2015-11-09 14:16:39 +0100
commitcbb1f06088661f0cdbaa04d26175f29613e9d57f (patch)
tree0822c9d13f3cc1adafeca3d49d90d9a3ea9ceb58 /certs
parentb3a384b2e93e5d649af7a6a9c32b4d2d441a0c48 (diff)
downloadprosody-cbb1f06088661f0cdbaa04d26175f29613e9d57f.tar.gz
prosody-cbb1f06088661f0cdbaa04d26175f29613e9d57f.zip
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Diffstat (limited to 'certs')
-rw-r--r--certs/openssl.cnf14
1 files changed, 10 insertions, 4 deletions
diff --git a/certs/openssl.cnf b/certs/openssl.cnf
index 091409c4..ee17b1cf 100644
--- a/certs/openssl.cnf
+++ b/certs/openssl.cnf
@@ -13,8 +13,8 @@ SRVName = 1.3.6.1.5.5.7.8.7
default_bits = 4096
default_keyfile = example.com.key
distinguished_name = distinguished_name
-req_extensions = v3_extensions
-x509_extensions = v3_extensions
+req_extensions = certrequest
+x509_extensions = selfsigned
# ask about the DN?
prompt = no
@@ -28,16 +28,22 @@ organizationName = Your Organisation
organizationalUnitName = XMPP Department
emailAddress = xmpp@example.com
-[ v3_extensions ]
+[ certrequest ]
# for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
[ subject_alternative_name ]
# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.