using DOMAIN for AIA-urls

[nre.git] / generateKeys.sh

diff --git a/generateKeys.sh b/generateKeys.sh
index 353acb15773b3dc47c336b7a2adc9ec154e42174..d1b15ca1737b2b1217f2ac9941e4d3b208388d53 100755 (executable)
--- a/generateKeys.sh
+++ b/generateKeys.sh
@@ -9,18 +9,24 @@ set -e
 ####### create various extensions files for the various certificate types ######
 cat <<TESTCA > ca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA
 
 cat <<TESTCA > subca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA