From bc95778acf403a666cadcba4bac69685600eb485 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Wed, 15 Aug 2018 22:28:31 +0300
Subject: specify CA key usage

---
 dmvpn-ca | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/dmvpn-ca b/dmvpn-ca
index 0b01bf1..610e8d4 100755
--- a/dmvpn-ca
+++ b/dmvpn-ca
@@ -292,6 +292,18 @@ function issue_cert(attrs, func)
 		)
 	)
 
+	if ca then
+		cert:addExtension(
+			x509ext.new(
+				'keyUsage',
+				'DER',
+				rfc5280.KeyUsage.encode{
+					['keyCertSign']=true, ['cRLSign']=true
+				}
+			)
+		)
+	end
+
 	local crl_dp = config.crl['dist-point']
 	if crl_dp then
 		cert:addExtension(
-- 
cgit v1.2.3