cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see...
authorKim Alvefur <zash@zash.se>
Mon, 9 Nov 2015 13:16:39 +0000 (14:16 +0100)
committerKim Alvefur <zash@zash.se>
Mon, 9 Nov 2015 13:16:39 +0000 (14:16 +0100)
certs/openssl.cnf

index 091409c43893a1b4f0bf99bc9fd122aee8546fc9..ee17b1cf4960d9e9ab121b679591679cbe5344f5 100644 (file)
@@ -13,8 +13,8 @@ SRVName  = 1.3.6.1.5.5.7.8.7
 default_bits       = 4096
 default_keyfile    = example.com.key
 distinguished_name = distinguished_name
-req_extensions     = v3_extensions
-x509_extensions    = v3_extensions
+req_extensions     = certrequest
+x509_extensions    = selfsigned
 
 # ask about the DN?
 prompt = no
@@ -28,16 +28,22 @@ organizationName       = Your Organisation
 organizationalUnitName = XMPP Department
 emailAddress           = xmpp@example.com
 
-[ v3_extensions ]
+[ certrequest ]
 
 # for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
 
 basicConstraints = CA:FALSE
 keyUsage         = digitalSignature,keyEncipherment
 extendedKeyUsage = serverAuth,clientAuth
 subjectAltName   = @subject_alternative_name
 
+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
 [ subject_alternative_name ]
 
 # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.
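Review bot: The new `[ selfsigned ]` section sets `basicConstraints = CA:TRUE` with no path-length limit and no `keyUsage`, so a peer that installs this self-signed certificate as a trust anchor may also accept other certificates signed by the same server key. If `CA:TRUE` is needed for validators to accept the self-signed certificate, consider narrowing it to `basicConstraints = critical,CA:TRUE,pathlen:0` and stating the usage explicitly, for example `keyUsage = digitalSignature,keyEncipherment,keyCertSign`. The section also drops the `extendedKeyUsage = serverAuth,clientAuth` line that `[ certrequest ]` keeps; if that is intentional, a short comment saying why would help. The comment `# and self-signed certificates (x509_extensions)` is now a sentence fragment after the split and would read better as `# for self-signed certificates (x509_extensions)`.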