summaryrefslogtreecommitdiff
path: root/testing/hosts/winnetou/etc/openssl/openssl.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'testing/hosts/winnetou/etc/openssl/openssl.cnf')
-rw-r--r--testing/hosts/winnetou/etc/openssl/openssl.cnf9
1 files changed, 5 insertions, 4 deletions
diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf
index 4a4027072..6433c7a24 100644
--- a/testing/hosts/winnetou/etc/openssl/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf
@@ -42,7 +42,7 @@ crl_extensions = crl_ext # The extentions to add to the CRL
default_days = 1825 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
+default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
email_in_dn = no # allow/forbid EMail in DN
@@ -146,6 +146,7 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
subjectAltName = DNS:$ENV::COMMON_NAME
#extendedKeyUsage = OCSPSigning
+#extendedKeyUsage = serverAuth
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl
####################################################################
@@ -164,10 +165,10 @@ crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl
[ ca_ext ]
-basicConstraints = critical, CA:TRUE
+basicConstraints = critical, CA:TRUE, pathlen:1
keyUsage = cRLSign, keyCertSign
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid, issuer:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
####################################################################
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 03:25:11 +0000