X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=demos%2Fcerts%2Fca.cnf;h=c45fcfd61ecd65cf30095d32248e7f0fb8370062;hp=195b2365282b0fcb1ba31d04a44f47eb7b118053;hb=79b184fb4b65d501352a189ff102b509e14e62ca;hpb=b6df360b9eacbb758c30cda76a45368ad9012e83

diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf
index 195b236528..c45fcfd61e 100644
--- a/demos/certs/ca.cnf
+++ b/demos/certs/ca.cnf
@@ -7,6 +7,7 @@
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
 CN			= "Not Defined"
+default_ca		= ca
 
 ####################################################################
 [ req ]
@@ -38,6 +39,31 @@ keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
 # This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+# OCSP responder certificate
+[ ocsp_cert ]
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+extendedKeyUsage=OCSPSigning
+
+[ dh_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# DH certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, keyAgreement
+
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid
@@ -54,4 +80,7 @@ authorityKeyIdentifier=keyid:always
 basicConstraints = critical,CA:true
 keyUsage = critical, cRLSign, keyCertSign
 
-
+# Minimal CA entry to allow generation of CRLs.
+[ca]
+database=index.txt
+crlnumber=crlnum.txt