FIX: minor cert structure fixups

[nre.git] / generateTime.sh

diff --git a/generateTime.sh b/generateTime.sh
index 71aa918f08ca896f6c46d9bb5e05c6ece7b223d4..0b0b0b4e8da46018c3e05aa1392635824acb166a 100755 (executable)
--- a/generateTime.sh
+++ b/generateTime.sh
@@ -9,8 +9,11 @@ year=$1
 genTimeCA(){ #csr,ca to sign with,start,end
     cat <<TESTCA > timesubca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$2.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$2.crt
 TESTCA
@@ -22,7 +25,7 @@ mkdir -p $year/ca
 
 
 STARTDATE="${year}"
-ENDDATE="$((${year} + 2))"
+ENDDATE="$((${year} + 3))"
 
 for i in $TIME_IDX; do
     point=${points[${i}]}