Software /
code /
prosody
Changeset
6922:e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 09 Nov 2015 14:16:39 +0100 |
parents | 6906:5a60b4705bc3 |
children | 6923:f755e0bdc60a |
files | certs/openssl.cnf |
diffstat | 1 files changed, 10 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/certs/openssl.cnf Wed Oct 14 20:55:26 2015 +0200 +++ b/certs/openssl.cnf Mon Nov 09 14:16:39 2015 +0100 @@ -13,8 +13,8 @@ default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name -req_extensions = v3_extensions -x509_extensions = v3_extensions +req_extensions = certrequest +x509_extensions = selfsigned # ask about the DN? prompt = no @@ -28,16 +28,22 @@ organizationalUnitName = XMPP Department emailAddress = xmpp@example.com -[ v3_extensions ] +[ certrequest ] # for certificate requests (req_extensions) -# and self-signed certificates (x509_extensions) basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name +[ selfsigned ] + +# and self-signed certificates (x509_extensions) + +basicConstraints = CA:TRUE +subjectAltName = @subject_alternative_name + [ subject_alternative_name ] # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.