From 3618806fe36159b877a77ced032f1620fe653a03 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Thu, 13 Feb 2020 06:43:17 +0100 Subject: etc/ca-ssl.conf: updated according to email on openssl-users@openssl.org --- etc/ca-ssl.conf.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in index ad92ff5..7f6a190 100644 --- a/etc/ca-ssl.conf.in +++ b/etc/ca-ssl.conf.in @@ -101,13 +101,13 @@ emailAddress = optional # create. [ root_ca_ext ] -keyUsage = critical,keyCertSign,cRLSign -basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign,digitalSignature +basicConstraints = critical,CA:true,pathlen:1 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always [ signing_ca_ext ] -keyUsage = critical,keyCertSign,cRLSign +keyUsage = critical,keyCertSign,cRLSign,digitalSignature basicConstraints = critical,CA:true,pathlen:0 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always -- cgit v1.2.3-70-g09d2