# HG changeset patch # User Kim Alvefur # Date 1447074999 -3600 # Node ID e0672860d20884fa76f73761e96fdade8d15fcb4 # Parent 5a60b4705bc33d6e630258a684c27f16c46d23f3 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9) diff -r 5a60b4705bc3 -r e0672860d208 certs/openssl.cnf --- a/certs/openssl.cnf Wed Oct 14 20:55:26 2015 +0200 +++ b/certs/openssl.cnf Mon Nov 09 14:16:39 2015 +0100 @@ -13,8 +13,8 @@ default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name -req_extensions = v3_extensions -x509_extensions = v3_extensions +req_extensions = certrequest +x509_extensions = selfsigned # ask about the DN? prompt = no @@ -28,16 +28,22 @@ organizationalUnitName = XMPP Department emailAddress = xmpp@example.com -[ v3_extensions ] +[ certrequest ] # for certificate requests (req_extensions) -# and self-signed certificates (x509_extensions) basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name +[ selfsigned ] + +# and self-signed certificates (x509_extensions) + +basicConstraints = CA:TRUE +subjectAltName = @subject_alternative_name + [ subject_alternative_name ] # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.