diff options
Diffstat (limited to 'demos/certs')
-rw-r--r-- | demos/certs/ca.cnf | 3 | ||||
-rw-r--r-- | demos/certs/mkcerts.sh | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf index c45fcfd61e..ddf440bcc8 100644 --- a/demos/certs/ca.cnf +++ b/demos/certs/ca.cnf @@ -35,6 +35,7 @@ commonName = $ENV::CN basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment +subjectAltName=DNS:crl.host.com # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" @@ -42,12 +43,14 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid +authorityInfoAccess = OCSP;URI:http://ocsp.host.com:8080/cgi-bin/prinenv/some/ocsp/path # OCSP responder certificate [ ocsp_cert ] basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" diff --git a/demos/certs/mkcerts.sh b/demos/certs/mkcerts.sh index 18daa6bcfb..d0fdeac72e 100644 --- a/demos/certs/mkcerts.sh +++ b/demos/certs/mkcerts.sh @@ -15,7 +15,7 @@ $OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \ -extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem # Server certificate: create request first -CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes \ +CN="crl.host.com" $OPENSSL req -config ca.cnf -nodes \ -keyout skey.pem -out req.pem -newkey rsa:1024 # Sign request: end entity extensions $OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ |