Use correct length when prompting for password.

[oweals/openssl.git] / apps / openssl.cnf

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 6d731cbe8b732aba8111c56663949e7f84953e71..8fdacae9db4d06999ed6f37edb78bd3f4b170ebd 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -67,7 +67,7 @@ cert_opt      = ca_default            # Certificate field options
 
 default_days   = 365                   # how long to certify for
 default_crl_days= 30                   # how long before next CRL
-default_md     = md5                   # which md to use.
+default_md     = sha1                  # which md to use.
 preserve       = no                    # keep passed DN ordering
 
 # A few difference way of specifying how similar the request should look
@@ -141,7 +141,7 @@ localityName                        = Locality Name (eg, city)
 organizationalUnitName         = Organizational Unit Name (eg, section)
 #organizationalUnitName_default        =
 
-commonName                     = Common Name (eg, YOUR name)
+commonName                     = Common Name (e.g. server FQDN or YOUR name)
 commonName_max                 = 64
 
 emailAddress                   = Email Address
@@ -188,7 +188,7 @@ nsComment                   = "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.