summaryrefslogtreecommitdiffstats
path: root/apps/openssl.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'apps/openssl.cnf')
-rw-r--r--apps/openssl.cnf5
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 27abc08bad..81dee57055 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -127,6 +127,7 @@ basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate"
+subjectKeyIdentifier=hash
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
@@ -142,6 +143,10 @@ nsComment = "OpenSSL Generated Certificate"
# It's a CA certificate
basicConstraints = CA:true
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 20:44:35 +0100