From: Joni Hahkala
Date: Mon, 18 Jan 2010 16:36:01 +0000 (+0000)
Subject: make key usage critical as it should be and add ca:false flag
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=e0b9bceeaa67b9b451ac8f84b2b6bef264a05efd;p=glite-security-test-utils.git
make key usage critical as it should be and add ca:false flag
---
diff --git a/config/req_conf.cnf b/config/req_conf.cnf
index fedc6fd..9e34fd8 100644
--- a/config/req_conf.cnf
+++ b/config/req_conf.cnf
@@ -67,9 +67,9 @@ nsComment = "OpenSSL Generated Server Certificate"
 [ ca_altname ]
 # This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
 [ ca_client ]
 # For normal client use this is typical
@@ -83,7 +83,8 @@ nsComment = "OpenSSL Generated Client Server Certificate"
 [ ca_fclient ]
 # This is typical in keyUsage for a client certificate.
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+basicConstraints = CA:false
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
 nsComment = "OpenSSL Generated Client Certificate with key usage"
 [ ca_none ]
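Review bot: The comment heading `[ ca_fclient ]` still reads "This is typical in keyUsage for a client certificate", but the section now also sets `basicConstraints` and marks `keyUsage` critical, so it no longer says which validator checks this fixture is meant to exercise. I would replace it with something like `# Client cert: explicit non-CA; keyUsage is critical, so verifiers must enforce the listed bits.` The new `basicConstraints = CA:false` line is left non-critical; if the tests are meant to require relying parties to process it, `basicConstraints = critical, CA:false` would state that, though for an end-entity certificate either form is permitted. The `[ ca_altname ]` section in the first hunk shows no `basicConstraints` or `keyUsage` in its visible lines, so it may be worth confirming whether that difference between sections is deliberate.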