[ssl_mgmt] Set CA:FALSE constraint for certs
This commit is contained in:
parent
d991b290bf
commit
ccfdd24ff3
|
@ -24,7 +24,7 @@ policy = policy_match
|
|||
copy_extensions = copy
|
||||
# We want those extensions only to generate the root certificates, so
|
||||
# we specify it on the command line:
|
||||
x509_extensions = v3_ca
|
||||
x509_extensions = v3_x509
|
||||
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
|
@ -64,3 +64,8 @@ authorityKeyIdentifier = keyid:always,issuer:always
|
|||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
subjectAltName = @ALTNAME@
|
||||
|
||||
[ v3_x509 ]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer:always
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
keyId= cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo \
|
||||
&& openssl x509 -in destdir/certs/foo-cert.pem -text -noout \
|
||||
| grep -A 1 "X509v3 Basic Constraints:" | grep "CA:FALSE"
|
|
@ -0,0 +1,2 @@
|
|||
echo
|
||||
echo "y"
|
|
@ -0,0 +1 @@
|
|||
../restore_foo_fini
|
|
@ -0,0 +1 @@
|
|||
../save_foo_init
|
Loading…
Reference in New Issue