X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fopenssl.cnf;h=fbc328fad41ef9c218788fd9198442d4776b20ad;hp=2621d90d31b70e4b229670a5eb3e14406bf66fcf;hb=f317aa4c9cb03dd680247bdcf6a22c1b799890e7;hpb=dfeab0689f69c0b4bd3480ffd37a9cacc2f17d9c

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 2621d90d31..fbc328fad4 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -1,5 +1,5 @@
 #
-# SSLeay example configuration file.
+# OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.
 #
 
@@ -63,6 +63,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the cert
 
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
@@ -80,7 +81,7 @@ localityName			= Locality Name (eg, city)
 
 # we can do this but it is not needed normally :-)
 #1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
+#1.organizationName_default	= World Wide Web Pty Ltd
 
 organizationalUnitName		= Organizational Unit Name (eg, section)
 #organizationalUnitName_default	=
@@ -102,7 +103,7 @@ unstructuredName		= An optional company name
 
 [ x509v3_extensions ]
 
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
+nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 nsComment			= "This is a comment"
 
 # under ASN.1, the 0 bit would be encoded as 80
@@ -117,3 +118,11 @@ nsCertType			= 0x40
 #nsCertExt
 #nsDataType
 
+[ v3_ca]
+
+# Extensions for a typical CA
+
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign
+
+