arif/xcat-core
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Have keyUsage and extendedkeyusage set for user/server certficates as is befitting each role

Browse Source 
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@14876 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso 2013-01-14 16:40:51 +00:00
parent 92508cf564
commit f740315ef2
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
xCAT-server/share/xcat/ca/openssl.cnf.tmpl
View File

@ -162,6 +162,8 @@ nsCertType = server, client, objsign
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
keyUsage = digiatalSignature,KeyAgreement
extendedKeyUsage = serverAuth
[ usr_cert ]
@ -171,6 +173,8 @@ authorityKeyIdentifier=keyid,issuer
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
keyUsage = digiatalSignature,KeyAgreement
extendedKeyUsage = clientAuth
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.