make key usage critical as it should be and add ca:false flag

author Joni Hahkala <joni.hahkala@cern.ch>

Mon, 18 Jan 2010 16:36:01 +0000 (16:36 +0000)

committer Joni Hahkala <joni.hahkala@cern.ch>

Mon, 18 Jan 2010 16:36:01 +0000 (16:36 +0000)
author Joni Hahkala <joni.hahkala@cern.ch>
Mon, 18 Jan 2010 16:36:01 +0000 (16:36 +0000)
committer Joni Hahkala <joni.hahkala@cern.ch>
Mon, 18 Jan 2010 16:36:01 +0000 (16:36 +0000)
diff --git a/config/req_conf.cnf b/config/req_conf.cnf

index fedc6fd..9e34fd8 100644 (file)
--- a/config/req_conf.cnf
+++ b/config/req_conf.cnf
@@ -67,9 +67,9 @@ nsComment             = "OpenSSL Generated Server Certificate"
  \r
  [ ca_altname ]\r
  # This is OK for an SSL server.\r
-nsCertType                     = server\r
-nsComment                      = "OpenSSL Generated Server Certificate"\r
-subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
+nsCertType             = server\r
+nsComment              = "OpenSSL Generated Server Certificate"\r
+subjectAltName                 = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
  \r
  [ ca_client ]\r
  # For normal client use this is typical\r
@@ -83,7 +83,8 @@ nsComment             = "OpenSSL Generated Client Server Certificate"
  \r
  [ ca_fclient ]\r
  # This is typical in keyUsage for a client certificate.\r
-keyUsage               = nonRepudiation, digitalSignature, keyEncipherment\r
+basicConstraints       = CA:false\r
+keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment\r
  nsComment              = "OpenSSL Generated Client Certificate with key usage"\r
  \r
  [ ca_none ]\r
author	Joni Hahkala <joni.hahkala@cern.ch>
	Mon, 18 Jan 2010 16:36:01 +0000 (16:36 +0000)
committer	Joni Hahkala <joni.hahkala@cern.ch>
	Mon, 18 Jan 2010 16:36:01 +0000 (16:36 +0000)