author | Guilhem Moulin <guilhem@fripost.org> | 2014-09-12 20:59:39 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:53:17 +0200 |
commit | 3ff1e540bf170acabd9d5580b4d10acab543acda (patch) | |
tree | 60136c3f34f8ef899acfca20c86609bcb7f33104 /roles/common/files/usr/local | |
parent | 6ea8ec0514fdf4d237651914b5189d5cfedafc42 (diff) |
Key usage 'keyCertSign' is required for self-signed certificates.
Diffstat (limited to 'roles/common/files/usr/local')
-rwxr-xr-x | roles/common/files/usr/local/bin/genkeypair.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh
index dda0f28..d6539e2 100755
--- a/roles/common/files/usr/local/bin/genkeypair.sh
+++ b/roles/common/files/usr/local/bin/genkeypair.sh
@@ -60,7 +60,7 @@ usage() {
 --config: configuration file
 --pubkey: public key file (default: pubkey.pem)
 --privkey: private key file (default: privkey.pem; created with og-rwx)
- --usage: key usage (default: digitalSignature,keyEncipherment)
+ --usage: key usage (default: digitalSignature,keyEncipherment,keyCertSign)
 --chmod: chmod the private key
 --chown: chown the private key
@@ -171,7 +171,7 @@ if [ -z "$config" -a \( "$cmd" = x509 -o "$cmd" = csr \) ]; then
 subjectAltName = email:admin@fripost.org${dns:+, $dns}
 basicConstraints = critical, CA:FALSE
 # https://security.stackexchange.com/questions/24106/which-key-usages-are-required-by-each-key-exchange-method
- keyUsage = critical, ${usage:-digitalSignature, keyEncipherment}
+ keyUsage = critical, ${usage:-digitalSignature, keyEncipherment, keyCertSign}
 EOF
 fi |
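Review bot: The new default on the `keyUsage` line in the second hunk asserts `keyCertSign` while the context line two above it still sets `basicConstraints = critical, CA:FALSE`. RFC 5280 (section 4.2.1.3) requires the cA bit to be asserted whenever keyCertSign is, so strict validators may reject the generated certificate. The enclosing condition also matches `"$cmd" = csr`, so requests sent to an external CA would now ask for certificate-signing usage on a leaf key, although the commit message motivates the bit only for the self-signed case. I would keep the old default and add the bit for `x509` only, for example `default_usage="digitalSignature, keyEncipherment"; [ "$cmd" != x509 ] || default_usage="$default_usage, keyCertSign"` before the here-document and `keyUsage = critical, ${usage:-$default_usage}` inside it, with the `--usage` help text in the first hunk reworded to match. The `if` block and the here-document both start outside the hunk, so this is based on the visible lines only.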