projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Show an example of moving the emailAddress object from the subkect DN
[openssl.git] / apps / openssl.cnf
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index f02b2bdf84278f3fcfcfdf303b60f8d6a6a11c64..eca51c3322803c21c213c72516126a869bbc7f80 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -53,6 +53,9 @@ x509_extensions       = usr_cert              # The extentions to add to the cert
 name_opt       = ca_default            # Subject Name options
 cert_opt       = ca_default            # Certificate field options
 
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
 # crl_extensions       = crl_ext
@@ -185,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
 
 # Copy subject details
 # issuerAltName=issuer:copy
Unnamed repository; edit this file 'description' to name the repository.