author | Ted Trask <ttrask01@yahoo.com> | 2008-07-11 12:46:38 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-07-11 12:46:38 +0000 |
commit | 94ea0142e1ceed7ed876efaa18d34ffa75190a2f (patch) | |
tree | 74a732b97dcb908f4f76931b543850784e9bb75e /openssl-ca-acf.cnf | |
parent | a212499c9b3ca33a3f60398192e4998424e379e1 (diff) | |
Modified openssl to work with new cnf file. Distinguished names are no longer hard coded, but entirely based upon cnf file. Modified views to display password and certtype at end. Update to getopts fixes bug where setting defaults truncated the cnf file.
git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1295 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'openssl-ca-acf.cnf')
-rw-r--r-- | openssl-ca-acf.cnf | 30 |
1 files changed, 11 insertions, 19 deletions
diff --git a/openssl-ca-acf.cnf b/openssl-ca-acf.cnf index 2e3adfb..47eec0e 100644 --- a/openssl-ca-acf.cnf +++ b/openssl-ca-acf.cnf @@ -89,12 +89,7 @@ countryName = optional commonName = supplied emailAddress = optional localityName = optional -subjectAltName.1 = optional -subjectAltName.2 = optional -subjectAltName.3 = optional -subjectAltName.4 = optional - - +subjectAltName = optional #################################################################### [ req ] @@ -102,7 +97,7 @@ default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes -x509_extensions = ssl_client_cert +x509_extensions = v3_ca_cert string_mask = nombstr [ req_distinguished_name ] @@ -136,6 +131,13 @@ challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 +[ v3_ca_cert ] +basicConstraints = critical, CA:true +nsCertType = sslCA +# Below is correct, but may prevent self-signed certs from working +keyUsage = cRLSign, keyCertSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always [ general_cert ] # Non-specific @@ -165,26 +167,16 @@ subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always policy = policy_acf_ca -[ v3_ca_cert ] +[ ssl_ca_cert ] # SSL Certifying Authority basicConstraints = critical, CA:true nsCertType = sslCA # Below is correct, but may prevent self-signed certs from working keyUsage = cRLSign, keyCertSign -#extendedKeyUsage = serverAuth, clientAuth -extenedKeyUsage = +extendedKeyUsage = subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always policy = policy_acf_ca [ crl_ext ] -basicConstraints = CA:FALSE -keyUsage = digitalSignature, keyEncipherment -subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always - -[ v3_req ] -# Extensions to add to a certificate request -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - |
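Review bot: In the first hunk, `subjectAltName = optional` sits in a CA policy section, and in OpenSSL those sections only govern attributes of the subject DN. Permitting the name there does not create a subjectAltName X.509v3 extension, which is where TLS clients look for host names. If the ACF code copies this value into an extension section, that happens outside this file and should be confirmed. Otherwise I would add a comment above the line such as `# DN attribute only; the SAN extension must be set in the certificate's extension section`. The section header is outside the hunk, so this assumes the block is the `policy_acf_ca` policy.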
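Review bot: The new `[ v3_ca_cert ]` section (third hunk) leaves `keyUsage` non-critical and puts no path length on `basicConstraints`, and the second hunk makes `[ req ]` apply it to every self-signed certificate through `x509_extensions = v3_ca_cert`. RFC 5280 recommends marking key usage critical on CA certificates, so I would write `keyUsage = critical, cRLSign, keyCertSign`. If this CA is only meant to sign end-entity certificates, `basicConstraints = critical, CA:true, pathlen:0` would also stop an issued CA certificate from signing further CAs. The carried-over comment `# Below is correct, but may prevent self-signed certs from working` now contradicts how the section is used; either drop it or state which tool rejects the result.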
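Review bot: In `[ ssl_ca_cert ]` (fourth hunk) the spelling fix leaves an empty value, `extendedKeyUsage =`, so a correctly named extension is now configured with no purposes listed. How an empty value is treated depends on the consumer (OpenSSL directly, or the ACF code that reads this file), and neither is visible here. If no EKU restriction is intended for CA certificates, delete the line or keep only the commented form `#extendedKeyUsage = serverAuth, clientAuth`. The same hunk removes `[ v3_req ]`, so check that no `req_extensions = v3_req` reference survives elsewhere in the file. With this rename, `[ ssl_ca_cert ]` and the new `[ v3_ca_cert ]` are near-duplicates, and a one-line comment on each saying when it is used would prevent them drifting apart.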