Diff

--- a/certs/openssl.cnf	Wed Oct 14 20:55:26 2015 +0200
+++ b/certs/openssl.cnf	Mon Nov 09 14:16:39 2015 +0100
@@ -13,8 +13,8 @@
 default_bits       = 4096
 default_keyfile    = example.com.key
 distinguished_name = distinguished_name
-req_extensions     = v3_extensions
-x509_extensions    = v3_extensions
+req_extensions     = certrequest
+x509_extensions    = selfsigned
 
 # ask about the DN?
 prompt = no
@@ -28,16 +28,22 @@
 organizationalUnitName = XMPP Department
 emailAddress           = xmpp@example.com
 
-[ v3_extensions ]
+[ certrequest ]
 
 # for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)
 
 basicConstraints = CA:FALSE
 keyUsage         = digitalSignature,keyEncipherment
 extendedKeyUsage = serverAuth,clientAuth
 subjectAltName   = @subject_alternative_name
 
+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
 [ subject_alternative_name ]
 
 # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.