From e0b9bceeaa67b9b451ac8f84b2b6bef264a05efd Mon Sep 17 00:00:00 2001 From: Joni Hahkala Date: Mon, 18 Jan 2010 16:36:01 +0000 Subject: [PATCH] make key usage critical as it should be and add ca:false flag --- config/req_conf.cnf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/config/req_conf.cnf b/config/req_conf.cnf index fedc6fd..9e34fd8 100644 --- a/config/req_conf.cnf +++ b/config/req_conf.cnf @@ -67,9 +67,9 @@ nsComment = "OpenSSL Generated Server Certificate" [ ca_altname ] # This is OK for an SSL server. -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" -subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com +nsCertType = server +nsComment = "OpenSSL Generated Server Certificate" +subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_client ] # For normal client use this is typical @@ -83,7 +83,8 @@ nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] # This is typical in keyUsage for a client certificate. -keyUsage = nonRepudiation, digitalSignature, keyEncipherment +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" [ ca_none ] -- 1.8.2.3