apps/ocsp.c

2 files changed, 4 insertions, 1 deletions

diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf
index c45fcfd61e..ddf440bcc8 100644
--- a/demos/certs/ca.cnf
+++ b/demos/certs/ca.cnf
@@ -35,6 +35,7 @@ commonName			= $ENV::CN
 
 basicConstraints=critical, CA:FALSE
 keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName=DNS:crl.host.com
 
 # This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
@@ -42,12 +43,14 @@ nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid
+authorityInfoAccess = OCSP;URI:http://ocsp.host.com:8080/cgi-bin/prinenv/some/ocsp/path
 # OCSP responder certificate
 [ ocsp_cert ]
 
 basicConstraints=critical, CA:FALSE
 keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
 
+
 # This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 
diff --git a/demos/certs/mkcerts.sh b/demos/certs/mkcerts.sh
index 18daa6bcfb..d0fdeac72e 100644
--- a/demos/certs/mkcerts.sh
+++ b/demos/certs/mkcerts.sh
@@ -15,7 +15,7 @@ $OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \
 	-extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem
 
 # Server certificate: create request first
-CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes \
+CN="crl.host.com" $OPENSSL req -config ca.cnf -nodes \
 	-keyout skey.pem -out req.pem -newkey rsa:1024
 # Sign request: end entity extensions
 $OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 \