Fix nsComment inconsistency in OpenSSL config (#3955)

Read more about the status of the Netscape extensions:

https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html
vnxme 2020-03-10 11:48:53 +03:00 committed by GitHub
parent 8f3c89642c
commit faf71c7e70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -174,7 +174,7 @@ basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
nsComment = "OPNsense Generated Client Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
@ -197,6 +197,8 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Extensions for a typical CA
# This will be displayed in Netscape's comment listbox.
nsComment = "OPNsense Generated Certificate Authority"
# PKIX recommendation.
@ -220,6 +222,9 @@ basicConstraints = CA:true
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
# This will be displayed in Netscape's comment listbox.
nsComment = "OPNsense Generated Certificate Revocation List"
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
@ -229,7 +234,7 @@ authorityKeyIdentifier=keyid:always
basicConstraints=CA:FALSE
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
nsComment = "OPNsense Generated Proxy Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
@ -273,7 +278,7 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included?
# Make a cert with nsCertType=server
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
nsComment = "OPNsense Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth,1.3.6.1.5.5.8.2.2
@ -295,7 +300,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ sign_csr ]
nsComment = "OPNsense Generated Certificate"
nsComment = "OPNsense Generated Certificate Signing Request"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
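Review bot: The `nsComment = "OPNsense Generated Certificate Revocation List"` line added just before `[ proxy_cert_ext ]` puts a Netscape certificate extension into every CRL, where RFC 5280 defines no such CRL extension; it is non-critical, so conforming clients should ignore it, but I would drop that line rather than rely on every CRL consumer tolerating it. In `[ sign_csr ]` the new value presumably ends up in the issued certificate rather than in a request, so a wording such as `nsComment = "OPNsense Generated Certificate (signed from CSR)"` would be less misleading to someone inspecting the certificate later. All of these strings also disclose the issuing product to anyone who can read the certificate (for example a TLS server certificate), and the linked OpenSSL page lists the Netscape extensions as deprecated, so a comment above each line along the lines of `# Deprecated Netscape extension: informational only, readable by every relying party.` would document that trade-off. The section headers for the second and third changes are outside the visible context, so the CA and CRL attribution is inferred from the new values and the surrounding comments.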