[ssl_mgmt] Set CA:FALSE constraint for certs
This commit is contained in:
parent
d991b290bf
commit
ccfdd24ff3
|
@ -24,7 +24,7 @@ policy = policy_match
|
||||||
copy_extensions = copy
|
copy_extensions = copy
|
||||||
# We want those extensions only to generate the root certificates, so
|
# We want those extensions only to generate the root certificates, so
|
||||||
# we specify it on the command line:
|
# we specify it on the command line:
|
||||||
x509_extensions = v3_ca
|
x509_extensions = v3_x509
|
||||||
|
|
||||||
[ policy_match ]
|
[ policy_match ]
|
||||||
countryName = match
|
countryName = match
|
||||||
|
@ -64,3 +64,8 @@ authorityKeyIdentifier = keyid:always,issuer:always
|
||||||
basicConstraints = CA:FALSE
|
basicConstraints = CA:FALSE
|
||||||
subjectKeyIdentifier = hash
|
subjectKeyIdentifier = hash
|
||||||
subjectAltName = @ALTNAME@
|
subjectAltName = @ALTNAME@
|
||||||
|
|
||||||
|
[ v3_x509 ]
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
keyId= cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo \
|
||||||
|
&& openssl x509 -in destdir/certs/foo-cert.pem -text -noout \
|
||||||
|
| grep -A 1 "X509v3 Basic Constraints:" | grep "CA:FALSE"
|
|
@ -0,0 +1,2 @@
|
||||||
|
echo
|
||||||
|
echo "y"
|
|
@ -0,0 +1 @@
|
||||||
|
../restore_foo_fini
|
|
@ -0,0 +1 @@
|
||||||
|
../save_foo_init
|
Loading…
Reference in New Issue