aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-08-15 22:28:31 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-09-01 21:34:45 +0300
commitbc95778acf403a666cadcba4bac69685600eb485 (patch)
tree728cf642773fd7548d225fdab36bc84412347d7d
parente650553d9bd9655597a5d6447650f0dd9fdf9f29 (diff)
downloaddmvpn-tools-bc95778acf403a666cadcba4bac69685600eb485.tar.bz2
dmvpn-tools-bc95778acf403a666cadcba4bac69685600eb485.tar.xz
specify CA key usage
-rwxr-xr-xdmvpn-ca12
1 files changed, 12 insertions, 0 deletions
diff --git a/dmvpn-ca b/dmvpn-ca
index 0b01bf1..610e8d4 100755
--- a/dmvpn-ca
+++ b/dmvpn-ca
@@ -292,6 +292,18 @@ function issue_cert(attrs, func)
)
)
+ if ca then
+ cert:addExtension(
+ x509ext.new(
+ 'keyUsage',
+ 'DER',
+ rfc5280.KeyUsage.encode{
+ ['keyCertSign']=true, ['cRLSign']=true
+ }
+ )
+ )
+ end
+
local crl_dp = config.crl['dist-point']
if crl_dp then
cert:addExtension(