add more extensions for certificates in doc

This commit is contained in:
Klas Lindfors
2015-04-09 10:13:30 +02:00
parent 4bd13b7254
commit df018b24b4
+2
View File
@@ -193,8 +193,10 @@ Then generate a new private key and certificate request:
Then sign the certificate using the NEO: Then sign the certificate using the NEO:
cat>yubico-internal-https-ee-$host-crt.conf<<EOF cat>yubico-internal-https-ee-$host-crt.conf<<EOF
basicConstraints = critical,CA:false
keyUsage=critical,digitalSignature,keyEncipherment keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=critical,serverAuth extendedKeyUsage=critical,serverAuth
subjectAltName=critical,DNS:$host.yubico.com
EOF EOF
openssl << EOF openssl << EOF
engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre NO_VCHECK:1 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -pre VERBOSE engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre NO_VCHECK:1 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -pre VERBOSE