From cbb1f06088661f0cdbaa04d26175f29613e9d57f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 9 Nov 2015 14:16:39 +0100 Subject: cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9) --- certs/openssl.cnf | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/certs/openssl.cnf b/certs/openssl.cnf index 091409c4..ee17b1cf 100644 --- a/certs/openssl.cnf +++ b/certs/openssl.cnf @@ -13,8 +13,8 @@ SRVName = 1.3.6.1.5.5.7.8.7 default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name -req_extensions = v3_extensions -x509_extensions = v3_extensions +req_extensions = certrequest +x509_extensions = selfsigned # ask about the DN? prompt = no @@ -28,16 +28,22 @@ organizationName = Your Organisation organizationalUnitName = XMPP Department emailAddress = xmpp@example.com -[ v3_extensions ] +[ certrequest ] # for certificate requests (req_extensions) -# and self-signed certificates (x509_extensions) basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name +[ selfsigned ] + +# and self-signed certificates (x509_extensions) + +basicConstraints = CA:TRUE +subjectAltName = @subject_alternative_name + [ subject_alternative_name ] # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info. -- cgit v1.2.3