Add v3_ca extension when generating CA.

openssl.cnf

@@ -29,6 +29,11 @@ emailAddress            = supplied
 default_bits            = 2048
 distinguished_name      = req_distinguished_name
 
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
 countryName_default             = FR

shellpki.sh

@@ -35,6 +35,7 @@ $OPENSSL genrsa  -out $PREFIX/ca/private.key 2048
 $OPENSSL req            	    \
     -config $CONFFILE		    \
     -new -x509 -days 3650      	    \
+    -extensions v3_ca               \
     -keyout $PREFIX/ca/private.key  \
     -out $PREFIX/ca/cacert.pem