etc/ca-ssl.conf: updated according to email on openssl-users@openssl.org

author: Erich Eckner <git@eckner.net> 2020-02-13 06:43:17 +0100
committer: Erich Eckner <git@eckner.net> 2020-02-13 06:43:17 +0100
commit: 3618806fe36159b877a77ced032f1620fe653a03 (patch)
tree: 83112f46269b3424010d527db4ed226c14520e9f
parent: 8b34edaa8d29820999ab8a5031bd3e5f11f4de10 (diff)
download: simple-pki-3618806fe36159b877a77ced032f1620fe653a03.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in
index ad92ff5..7f6a190 100644
--- a/etc/ca-ssl.conf.in
+++ b/etc/ca-ssl.conf.in
@@ -101,13 +101,13 @@ emailAddress            = optional
 # create.
 
 [ root_ca_ext ]
-keyUsage                = critical,keyCertSign,cRLSign
-basicConstraints        = critical,CA:true
+keyUsage                = critical,keyCertSign,cRLSign,digitalSignature
+basicConstraints        = critical,CA:true,pathlen:1
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always
 
 [ signing_ca_ext ]
-keyUsage                = critical,keyCertSign,cRLSign
+keyUsage                = critical,keyCertSign,cRLSign,digitalSignature
 basicConstraints        = critical,CA:true,pathlen:0
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always
author	Erich Eckner <git@eckner.net>	2020-02-13 06:43:17 +0100
committer	Erich Eckner <git@eckner.net>	2020-02-13 06:43:17 +0100
commit	3618806fe36159b877a77ced032f1620fe653a03 (patch)
tree	83112f46269b3424010d527db4ed226c14520e9f
parent	8b34edaa8d29820999ab8a5031bd3e5f11f4de10 (diff)
download	simple-pki-3618806fe36159b877a77ced032f1620fe653a03.tar.xz