Commit 317f18ec authored by Leigh Stoller's avatar Leigh Stoller

Set CA:False, and add DNS extensions for boss CNAMES.

parent e6658ef6
......@@ -5,6 +5,7 @@ default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
......@@ -22,5 +23,10 @@ emailAddress = @TBOPSEMAIL@
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
subjectAltName=@req_altname
basicConstraints = CA:false
[ req_altname ]
DNS.1 = www.@OURDOMAIN@
# M2Crypto requires this.
DNS.2 = @BOSSNODE@
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment