aboutsummaryrefslogtreecommitdiffstats
path: root/apps/openssl.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'apps/openssl.cnf')
-rw-r--r--apps/openssl.cnf6
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index e5e2eee56f..fbf0a1ba7f 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -127,7 +127,11 @@ basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations
subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
@@ -147,6 +151,8 @@ basicConstraints = CA:true
subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-29 23:59:54 +0000