FIX: minor cert structure fixups
authorFelix Dörre <felix@dogcraft.de>
Mon, 6 Apr 2015 23:44:12 +0000 (01:44 +0200)
committerFelix Dörre <felix@dogcraft.de>
Mon, 6 Apr 2015 23:44:12 +0000 (01:44 +0200)
generateInfra.sh
generateKeys.sh
generateTime.sh

index bd1b872483998c36c2f40e1e560fea9135ed2a3c..e6b74fb944dbd8126ad071e20159494595c95eee 100755 (executable)
@@ -9,15 +9,16 @@ year=$1
 . commonFunctions
 
 CRL="
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$year/env.crt"
+crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env-1.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$year/env-1.crt"
 
 cat <<TESTCA > req.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=serverAuth
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
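Review bot: The `env-1` suffix is now hard-coded into the shared `CRL` value, and that one value is expanded into req.cnf here and into reqClient.cnf and reqMail.cnf in the next two hunks, so every end-entity profile advertises the same CRL and caIssuers location. If more than one env sub-CA can sign with these profiles (not visible in this diff), certificates from the others would point relying parties at the wrong CRL and issuer certificate, so revocation checks would fail or consult the wrong list. Consider deriving the URLs from the issuing CA's name, e.g. a `$envCA` variable (hypothetical name) set next to `year=$1`, and add a comment on `CRL=` saying it must match the signer. `$year` also reaches these URLs without a format check in the visible lines; one may exist in `commonFunctions` or above the hunk.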
@@ -25,8 +26,9 @@ cat <<TESTCA > reqClient.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=clientAuth
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
@@ -34,8 +36,9 @@ cat <<TESTCA > reqMail.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=emailProtection
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
index 353acb15773b3dc47c336b7a2adc9ec154e42174..cf0fcad7a2aa7cd83b7652b2dc7617af68943fa6 100755 (executable)
@@ -9,16 +9,22 @@ set -e
 ####### create various extensions files for the various certificate types ######
 cat <<TESTCA > ca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
 TESTCA
 
 cat <<TESTCA > subca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
 TESTCA
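Review bot: `basicConstraints = CA:true` in ca.cnf and subca.cnf is not marked critical, although the end-entity profiles in generateInfra.sh use `critical,CA:false`. RFC 5280 section 4.2.1.9 requires the extension to be critical in CA certificates whose keys sign certificates. Since this commit already tidies these extension blocks, change both to `basicConstraints = critical,CA:true` and consider `keyUsage = critical, keyCertSign, cRLSign`. The same applies to timesubca.cnf in the first generateTime.sh hunk. If the hierarchy depth is fixed, a `pathlen` value in subca.cnf would also bound how far a misissued sub-CA can chain.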
index 71aa918f08ca896f6c46d9bb5e05c6ece7b223d4..0b0b0b4e8da46018c3e05aa1392635824acb166a 100755 (executable)
@@ -9,8 +9,11 @@ year=$1
 genTimeCA(){ #csr,ca to sign with,start,end
     cat <<TESTCA > timesubca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$2.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$2.crt
 TESTCA
@@ -22,7 +25,7 @@ mkdir -p $year/ca
 
 
 STARTDATE="${year}"
-ENDDATE="$((${year} + 2))"
+ENDDATE="$((${year} + 3))"
 
 for i in $TIME_IDX; do
     point=${points[${i}]}