Add v3_ca extension when generating CA.
This commit is contained in:
parent
6a0f7712b0
commit
1d294c2463
|
@ -29,6 +29,11 @@ emailAddress = supplied
|
||||||
default_bits = 2048
|
default_bits = 2048
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
|
|
||||||
|
[ v3_ca ]
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid:always,issuer:always
|
||||||
|
basicConstraints = CA:true
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
countryName = Country Name (2 letter code)
|
countryName = Country Name (2 letter code)
|
||||||
countryName_default = FR
|
countryName_default = FR
|
||||||
|
|
|
@ -35,6 +35,7 @@ $OPENSSL genrsa -out $PREFIX/ca/private.key 2048
|
||||||
$OPENSSL req \
|
$OPENSSL req \
|
||||||
-config $CONFFILE \
|
-config $CONFFILE \
|
||||||
-new -x509 -days 3650 \
|
-new -x509 -days 3650 \
|
||||||
|
-extensions v3_ca \
|
||||||
-keyout $PREFIX/ca/private.key \
|
-keyout $PREFIX/ca/private.key \
|
||||||
-out $PREFIX/ca/cacert.pem
|
-out $PREFIX/ca/cacert.pem
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue