add example for DH certificate generation

author: Dr. Stephen Henson <steve@openssl.org> 2012-01-25 16:33:39 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-01-25 16:33:39 +0000
commit: ccd395cbcc5176fc2a8137b0d297aef04077c059 (patch)
tree: ac5fc3d0ab7a03b04a668371ca058c74711e11d8 /demos/certs/ca.cnf
parent: 0d609395158f3dfc0e30c1d687294f75263c532c (diff)
download: openssl-new-ccd395cbcc5176fc2a8137b0d297aef04077c059.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf
index 195b236528..a1b6bd799e 100644
--- a/demos/certs/ca.cnf
+++ b/demos/certs/ca.cnf
@@ -42,6 +42,18 @@ nsComment			= "OpenSSL Generated Certificate"
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid
 
+[ dh_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# DH certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, keyAgreement
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+
 [ v3_ca ]
author	Dr. Stephen Henson <steve@openssl.org>	2012-01-25 16:33:39 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-01-25 16:33:39 +0000
commit	ccd395cbcc5176fc2a8137b0d297aef04077c059 (patch)
tree	ac5fc3d0ab7a03b04a668371ca058c74711e11d8 /demos/certs/ca.cnf
parent	0d609395158f3dfc0e30c1d687294f75263c532c (diff)
download	openssl-new-ccd395cbcc5176fc2a8137b0d297aef04077c059.tar.gz