More extension code. Incomplete support for subject and issuer alt
[openssl.git] / apps / openssl.cnf
index 27abc08..81dee57 100644 (file)
@@ -127,6 +127,7 @@ basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 nsComment                      = "OpenSSL Generated Certificate"
+subjectKeyIdentifier=hash
 
 #nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
@@ -142,6 +143,10 @@ nsComment                  = "OpenSSL Generated Certificate"
 # It's a CA certificate
 basicConstraints = CA:true
 
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true