From 1d294c246385257fdfb3c9aa469c8db0c10a4882 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Sun, 5 Mar 2017 15:11:54 +0100
Subject: [PATCH] Add v3_ca extension when generating CA.

---
 openssl.cnf | 5 +++++
 shellpki.sh | 1 +
 2 files changed, 6 insertions(+)

diff --git a/openssl.cnf b/openssl.cnf
index 79aa814..10b6777 100644
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -29,6 +29,11 @@ emailAddress = supplied
 default_bits = 2048
 distinguished_name = req_distinguished_name
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
 countryName_default = FR
diff --git a/shellpki.sh b/shellpki.sh
index 4e29ec9..a56dd41 100755
--- a/shellpki.sh
+++ b/shellpki.sh
@@ -35,6 +35,7 @@ $OPENSSL genrsa -out $PREFIX/ca/private.key 2048
 $OPENSSL req \
 -config $CONFFILE \
 -new -x509 -days 3650 \
+ -extensions v3_ca \
 -keyout $PREFIX/ca/private.key \
 -out $PREFIX/ca/cacert.pem
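Review bot: In the new `[ v3_ca ]` section, `basicConstraints = CA:true` is not marked critical and the section declares no `keyUsage`, so the generated root carries no restriction on what its key may sign. RFC 5280 requires basicConstraints to be critical in CA certificates; I would write `basicConstraints = critical,CA:true` and add `keyUsage = critical,keyCertSign,cRLSign`. If this CA is only meant to issue end-entity certificates, adding `pathlen:0` to the basicConstraints line would also keep a certificate it issues from acting as a sub-CA. A short comment above the section noting that it is selected by `-extensions v3_ca` in shellpki.sh would help keep the two files in step.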
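Review bot: The added `-extensions v3_ca \` hard-codes a section name that must exist in whatever file `$CONFFILE` points to, and nothing visible in this hunk checks that it does. An installation that keeps an older or locally edited openssl.cnf without `[ v3_ca ]` will presumably fail at CA creation with an OpenSSL extension-section error rather than a message from the script. A guard before the `$OPENSSL req` call would make that failure explicit, for example `grep -q '^\[ *v3_ca *\]' "$CONFFILE" || { echo "v3_ca section missing in $CONFFILE" >&2; exit 1; }`, with a comment above the command saying the section lives in openssl.cnf. The code surrounding this command is outside the hunk, so an existing check elsewhere cannot be ruled out.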