diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-14 23:28:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-14 23:28:19 +0000 |
commit | 11e2957d5f4208dc9e1929a4957f2cde79a94718 (patch) | |
tree | e68ed839b26cc850774324781b299f700b9e20a3 /demos | |
parent | 3a778a2913bede0d537abbcebe8093d3d7b1aa8a (diff) | |
download | openssl-new-11e2957d5f4208dc9e1929a4957f2cde79a94718.tar.gz |
apps/ocsp.c
Diffstat (limited to 'demos')
-rw-r--r-- | demos/certs/ca.cnf | 3 | ||||
-rw-r--r-- | demos/certs/mkcerts.sh | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf index c45fcfd61e..ddf440bcc8 100644 --- a/demos/certs/ca.cnf +++ b/demos/certs/ca.cnf @@ -35,6 +35,7 @@ commonName = $ENV::CN basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment +subjectAltName=DNS:crl.host.com # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" @@ -42,12 +43,14 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid +authorityInfoAccess = OCSP;URI:http://ocsp.host.com:8080/cgi-bin/prinenv/some/ocsp/path # OCSP responder certificate [ ocsp_cert ] basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" diff --git a/demos/certs/mkcerts.sh b/demos/certs/mkcerts.sh index 18daa6bcfb..d0fdeac72e 100644 --- a/demos/certs/mkcerts.sh +++ b/demos/certs/mkcerts.sh @@ -15,7 +15,7 @@ $OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \ -extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem # Server certificate: create request first -CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes \ +CN="crl.host.com" $OPENSSL req -config ca.cnf -nodes \ -keyout skey.pem -out req.pem -newkey rsa:1024 # Sign request: end entity extensions $OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ |