[ssl_mgmt] Set CA:FALSE constraint for certs

master
Thomas Preud'homme 9 years ago
parent d991b290bf
commit ccfdd24ff3

@ -24,7 +24,7 @@ policy = policy_match
copy_extensions = copy
# We want those extensions only to generate the root certificates, so
# we specify it on the command line:
x509_extensions = v3_ca
x509_extensions = v3_x509
[ policy_match ]
countryName = match
@ -64,3 +64,8 @@ authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
subjectAltName = @ALTNAME@
[ v3_x509 ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
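Review bot: The new `[ v3_x509 ]` section fixes only basicConstraints and the two key identifiers, so with `copy_extensions = copy` (context of the first hunk) any extension it does not set, such as keyUsage or extendedKeyUsage, is still copied from the request as submitted. Pinning them in the section closes that gap, e.g. `keyUsage = critical, digitalSignature, keyEncipherment` plus an `extendedKeyUsage` for the intended role; the right values depend on how these certificates are used, which is not visible here. Marking the constraint critical, `basicConstraints = critical, CA:FALSE`, is also worth considering. The comment above `x509_extensions` in the first hunk still describes root-certificate extensions and appears stale next to the v3_x509 default; it could say that v3_x509 is the default for issued certificates and v3_ca is passed on the command line for roots.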

@ -0,0 +1,3 @@
keyId= cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo \
&& openssl x509 -in destdir/certs/foo-cert.pem -text -noout \
| grep -A 1 "X509v3 Basic Constraints:" | grep "CA:FALSE"
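Review bot: The check asserts `CA:FALSE` only on the certificate produced by `renew foo`; nothing here verifies that the root certificate still carries `CA:TRUE` now that the config default appears to be v3_x509. A companion check such as `openssl x509 -in <root-cert-path> -text -noout | grep -A 1 "X509v3 Basic Constraints:" | grep "CA:TRUE"` would catch a root generated without the command-line extension override. `<root-cert-path>` is a placeholder, since the root certificate's location is not shown on this page.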

@ -0,0 +1,2 @@
echo
echo "y"

@ -0,0 +1 @@
../restore_foo_fini

@ -0,0 +1 @@
../save_foo_init