More X509 V3 stuff. Add support for extensions in the 'req' application

so that: openssl req -x509 -new -out cert.pem will take extensions from openssl.cnf a sample for a CA is included. Also change the directory order so pem is nearer the end. Otherwise 'make links' wont work because pem.h can't be built.
author: Dr. Stephen Henson <steve@openssl.org> 1999-01-25 02:09:21 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 1999-01-25 02:09:21 +0100
commit: f317aa4c9cb03dd680247bdcf6a22c1b799890e7 (patch)
tree: 8eb5c59eb4c833f0c9079d5b58782dd783ddb1e0 /apps/openssl.cnf
parent: Add file x509v3.err. (diff)
download: openssl-f317aa4c9cb03dd680247bdcf6a22c1b799890e7.tar.xz
openssl-f317aa4c9cb03dd680247bdcf6a22c1b799890e7.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index c07083566f..fbc328fad4 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -63,6 +63,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the cert
 
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
@@ -117,3 +118,11 @@ nsCertType			= 0x40
 #nsCertExt
 #nsDataType
 
+[ v3_ca]
+
+# Extensions for a typical CA
+
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign
+
+
author	Dr. Stephen Henson <steve@openssl.org>	1999-01-25 02:09:21 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	1999-01-25 02:09:21 +0100
commit	f317aa4c9cb03dd680247bdcf6a22c1b799890e7 (patch)
tree	8eb5c59eb4c833f0c9079d5b58782dd783ddb1e0 /apps/openssl.cnf
parent	Add file x509v3.err. (diff)
download	openssl-f317aa4c9cb03dd680247bdcf6a22c1b799890e7.tar.xz openssl-f317aa4c9cb03dd680247bdcf6a22c1b799890e7.zip