summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2020-02-13 06:43:17 +0100
committerErich Eckner <git@eckner.net>2020-02-13 06:43:17 +0100
commit3618806fe36159b877a77ced032f1620fe653a03 (patch)
tree83112f46269b3424010d527db4ed226c14520e9f
parent8b34edaa8d29820999ab8a5031bd3e5f11f4de10 (diff)
downloadsimple-pki-3618806fe36159b877a77ced032f1620fe653a03.tar.xz
etc/ca-ssl.conf: updated according to email on openssl-users@openssl.org
-rw-r--r--etc/ca-ssl.conf.in6
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in
index ad92ff5..7f6a190 100644
--- a/etc/ca-ssl.conf.in
+++ b/etc/ca-ssl.conf.in
@@ -101,13 +101,13 @@ emailAddress = optional
# create.
[ root_ca_ext ]
-keyUsage = critical,keyCertSign,cRLSign
-basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign,digitalSignature
+basicConstraints = critical,CA:true,pathlen:1
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ signing_ca_ext ]
-keyUsage = critical,keyCertSign,cRLSign
+keyUsage = critical,keyCertSign,cRLSign,digitalSignature
basicConstraints = critical,CA:true,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always