cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)

2025-04-03 21:27:38 +03:00 · 2015-11-09 14:16:39 +01:00 · 2015-11-09 14:16:39 +01:00 · cbb1f06088
commit cbb1f06088
parent b3a384b2e9
1 changed files with 10 additions and 4 deletions
--- a/certs/openssl.cnf
+++ b/certs/openssl.cnf
@ -13,8 +13,8 @@ SRVName  = 1.3.6.1.5.5.7.8.7
 default_bits       = 4096
 default_keyfile    = example.com.key
 distinguished_name = distinguished_name
-req_extensions     = v3_extensions
-x509_extensions    = v3_extensions
+req_extensions     = certrequest
+x509_extensions    = selfsigned

 # ask about the DN?
 prompt = no
@ -28,16 +28,22 @@ organizationName       = Your Organisation
 organizationalUnitName = XMPP Department
 emailAddress           = xmpp@example.com

-[ v3_extensions ]
+[ certrequest ]

 # for certificate requests (req_extensions)
-# and self-signed certificates (x509_extensions)

 basicConstraints = CA:FALSE
 keyUsage         = digitalSignature,keyEncipherment
 extendedKeyUsage = serverAuth,clientAuth
 subjectAltName   = @subject_alternative_name

+[ selfsigned ]
+
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:TRUE
+subjectAltName = @subject_alternative_name
+
 [ subject_alternative_name ]

 # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.