From: Kim Alvefur Date: Mon, 9 Nov 2015 13:16:39 +0000 (+0100) Subject: cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see... X-Git-Url: https://git.enpas.org/?a=commitdiff_plain;h=adf10d75e68b3723db0eb51a22ec66ab2df533f3;p=prosody.git cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9) --- diff --git a/certs/openssl.cnf b/certs/openssl.cnf index 091409c4..ee17b1cf 100644 --- a/certs/openssl.cnf +++ b/certs/openssl.cnf @@ -13,8 +13,8 @@ SRVName = 1.3.6.1.5.5.7.8.7 default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name -req_extensions = v3_extensions -x509_extensions = v3_extensions +req_extensions = certrequest +x509_extensions = selfsigned # ask about the DN? prompt = no @@ -28,16 +28,22 @@ organizationName = Your Organisation organizationalUnitName = XMPP Department emailAddress = xmpp@example.com -[ v3_extensions ] +[ certrequest ] # for certificate requests (req_extensions) -# and self-signed certificates (x509_extensions) basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name +[ selfsigned ] + +# and self-signed certificates (x509_extensions) + +basicConstraints = CA:TRUE +subjectAltName = @subject_alternative_name + [ subject_alternative_name ] # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.