projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
More extension code. Incomplete support for subject and issuer alt
[openssl.git] / apps / openssl.cnf
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 27abc08bad1a53079790171e153ddc04aea193b2..81dee570557d069621613762c8b4fa499c879b0d 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -127,6 +127,7 @@ basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 nsComment                      = "OpenSSL Generated Certificate"
+subjectKeyIdentifier=hash
 
 #nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
@@ -142,6 +143,10 @@ nsComment                  = "OpenSSL Generated Certificate"
 # It's a CA certificate
 basicConstraints = CA:true
 
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true
Unnamed repository; edit this file 'description' to name the repository.