]> WPIA git - nre.git/blobdiff - generateKeys.sh
projects / nre.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
FIX: minor cert structure fixups
[nre.git] / generateKeys.sh
diff --git a/generateKeys.sh b/generateKeys.sh
index 353acb15773b3dc47c336b7a2adc9ec154e42174..cf0fcad7a2aa7cd83b7652b2dc7617af68943fa6 100755 (executable)
--- a/generateKeys.sh
+++ b/generateKeys.sh
@@ -9,16 +9,22 @@ set -e
 ####### create various extensions files for the various certificate types ######
 cat <<TESTCA > ca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
 TESTCA
 
 cat <<TESTCA > subca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
 TESTCA
WPIA Root Certificate Generation Procedure