diff options
| -rw-r--r-- | etc/ca-ssl.conf.in | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in index ad92ff5..7f6a190 100644 --- a/etc/ca-ssl.conf.in +++ b/etc/ca-ssl.conf.in @@ -101,13 +101,13 @@ emailAddress = optional # create. [ root_ca_ext ] -keyUsage = critical,keyCertSign,cRLSign -basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign,digitalSignature +basicConstraints = critical,CA:true,pathlen:1 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always [ signing_ca_ext ] -keyUsage = critical,keyCertSign,cRLSign +keyUsage = critical,keyCertSign,cRLSign,digitalSignature basicConstraints = critical,CA:true,pathlen:0 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always |