Implement CRL numbers.

[openssl.git] / apps / openssl.cnf

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index eca51c3322803c21c213c72516126a869bbc7f80..8941f454f8a577d088f5628772498a75e2f21e54 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -38,10 +38,14 @@ dir         = ./demoCA              # Where everything is kept
 certs          = $dir/certs            # Where the issued certs are kept
 crl_dir                = $dir/crl              # Where the issued crl are kept
 database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
 new_certs_dir  = $dir/newcerts         # default place for new certs.
 
 certificate    = $dir/cacert.pem       # The CA certificate
 serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
 crl            = $dir/crl.pem          # The current CRL
 private_key    = $dir/private/cakey.pem# The private key
 RANDFILE       = $dir/private/.rand    # private random number file
@@ -58,6 +62,7 @@ cert_opt      = ca_default            # Certificate field options
 
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions       = crl_ext
 
 default_days   = 365                   # how long to certify for