projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remake cert links when the app is built.
[oweals/openssl.git] / apps / openssl.cnf
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 49cff56f35eb1ddc6c469d43e20a5d6763e2a8f3..ac442a732b0cf64a43ed598199e2b31bf5a5d035 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -35,6 +35,7 @@ private_key   = $dir/private/cakey.pem# The private key
 RANDFILE       = $dir/private/.rand    # private random number file
 
 x509_extensions        = usr_cert              # The extentions to add to the cert
+crl_extensions = crl_ext               # Extensions to add to CRL
 default_days   = 365                   # how long to certify for
 default_crl_days= 30                   # how long before next CRL
 default_md     = md5                   # which md to use.
@@ -188,3 +189,11 @@ issuerAltName=issuer:copy
 # 1.2.3.5=RAW:02:03
 # You can even override a supported extension:
 # basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
Unnamed repository; edit this file 'description' to name the repository.