OpenSSL: add keyUsage extension in CA config (#6017)

see https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.3
kulikov-a 2022-09-12 20:42:56 +03:00 committed by GitHub
parent a256ae1a8d
commit 7a06f387ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -211,6 +211,10 @@ authorityKeyIdentifier=keyid:always,issuer
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# keyUsage (rfc5280): Conforming CAs MUST include this extension in certificates that contain public keys
# that are used to validate digital signatures on other public key certificates or CRLs.
# When present, conforming CAs SHOULD mark this extension as critical.
keyUsage = critical, cRLSign, digitalSignature, keyCertSign
###OPNsense:subjectAltName###
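Review bot: The new `keyUsage` line grants `digitalSignature` on top of `keyCertSign` and `cRLSign`, but the added comment quotes RFC 5280 only for keys that validate signatures on certificates or CRLs and does not say why the extra bit is needed. If the CA key never signs anything else directly (signing OCSP responses is the usual reason for that bit), `keyUsage = critical, cRLSign, keyCertSign` keeps the key to the two usages the comment justifies; otherwise add a line such as `# digitalSignature: needed because the CA key also signs <purpose>`. This extension is also marked critical while `basicConstraints = CA:true` just above stays non-critical because, per the existing comment, some broken software chokes on critical extensions, so the same clients may now reject these CA certificates; that is worth testing or recording in the comment. The section header is outside the hunk, so I am assuming from the commit title that this is the CA extensions section.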