mark basic constraints as critical

This commit is contained in:
Simon Josefsson
2014-10-01 21:26:31 +02:00
parent 83e6e4e58c
commit 7a07385ee4
+2 -2
View File
@@ -67,7 +67,7 @@ counter as follows:
CN=Yubico Internal HTTPS CA CN=Yubico Internal HTTPS CA
[ v3_ca ] [ v3_ca ]
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
basicConstraints = CA:true, pathlen:1 basicConstraints=critical, CA:true, pathlen:1
keyUsage=critical, keyCertSign, cRLSign keyUsage=critical, keyCertSign, cRLSign
nameConstraints=@nc nameConstraints=@nc
[ nc ] [ nc ]
@@ -145,7 +145,7 @@ Generate the Sub-CA certificate request:
Generate the Sub-CA certificate: Generate the Sub-CA certificate:
cat>yubico-internal-https-subca-$user-crt.conf<<EOF cat>yubico-internal-https-subca-$user-crt.conf<<EOF
basicConstraints = CA:true, pathlen:0 basicConstraints = critical, CA:true, pathlen:0
keyUsage=critical, keyCertSign keyUsage=critical, keyCertSign
EOF EOF
openssl x509 -sha256 -CA yubico-internal-https-ca-crt.pem -CAkey yubico-internal-https-ca-key.pem -req -in yubico-internal-https-subca-$user-csr.pem -extfile yubico-internal-https-subca-$user-crt.conf -out yubico-internal-https-subca-$user-crt.pem openssl x509 -sha256 -CA yubico-internal-https-ca-crt.pem -CAkey yubico-internal-https-ca-key.pem -req -in yubico-internal-https-subca-$user-csr.pem -extfile yubico-internal-https-subca-$user-crt.conf -out yubico-internal-https-subca-$user-crt.pem