Don't add the TS EKU by default in openssl.cnf because it then
authorDr. Stephen Henson <steve@openssl.org>
Tue, 7 Nov 2006 14:27:55 +0000 (14:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 7 Nov 2006 14:27:55 +0000 (14:27 +0000)
makes certificates genereated by ca, CA.pl etc useless for anything else.

apps/openssl.cnf

index 2995800..7bcaa53 100644 (file)
@@ -212,7 +212,7 @@ authorityKeyIdentifier=keyid,issuer
 #nsSslServerName
 
 # This is required for TSA certificates.
 #nsSslServerName
 
 # This is required for TSA certificates.
-extendedKeyUsage = critical,timeStamping
+extendedKeyUsage = critical,timeStamping
 
 [ v3_req ]
 
 
 [ v3_req ]