diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-08-31 11:15:44 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-08-31 11:15:44 +0000 |
commit | ef6b34bec2adf7d62a91cb8901252bd95301a3d5 (patch) | |
tree | f303c30280c1e1b32008c64b9d9a5b349d2a58cc /demos/certs | |
parent | becfdb995baa14d1db3ebed7991545a15d6040d1 (diff) |
make EC test certificates usable for ECDH
Diffstat (limited to 'demos/certs')
-rw-r--r-- | demos/certs/apps/apps.cnf | 11 | ||||
-rw-r--r-- | demos/certs/apps/mkxcerts.sh | 4 |
2 files changed, 13 insertions, 2 deletions
diff --git a/demos/certs/apps/apps.cnf b/demos/certs/apps/apps.cnf index 99cb398742..a5da21678e 100644 --- a/demos/certs/apps/apps.cnf +++ b/demos/certs/apps/apps.cnf @@ -39,6 +39,17 @@ keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" +[ ec_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid diff --git a/demos/certs/apps/mkxcerts.sh b/demos/certs/apps/mkxcerts.sh index 88fb1c57c7..0f88a48fb8 100644 --- a/demos/certs/apps/mkxcerts.sh +++ b/demos/certs/apps/mkxcerts.sh @@ -19,11 +19,11 @@ $OPENSSL ecparam -name P-256 -out ecp256.pem $OPENSSL ecparam -name P-384 -out ecp384.pem CN="OpenSSL Test P-256 SHA-256 cert" $OPENSSL req \ - -config apps.cnf -extensions usr_cert -x509 -nodes \ + -config apps.cnf -extensions ec_cert -x509 -nodes \ -nodes -keyout tecp256.pem -out tecp256.pem -newkey ec:ecp256.pem \ -days 3650 -sha256 CN="OpenSSL Test P-384 SHA-384 cert" $OPENSSL req \ - -config apps.cnf -extensions usr_cert -x509 -nodes \ + -config apps.cnf -extensions ec_cert -x509 -nodes \ -nodes -keyout tecp384.pem -out tecp384.pem -newkey ec:ecp384.pem \ -days 3650 -sha384 |