Commit 6868c4a6 authored by Leigh Stoller's avatar Leigh Stoller

Set CA:False, and add DNS request extension for boss cnames.

parent 317f18ec
......@@ -5,6 +5,7 @@ default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
......@@ -23,5 +24,8 @@ emailAddress = @TBOPSEMAIL@
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
subjectAltName=@req_altname
basicConstraints = CA:false
[ req_altname ]
DNS.1 = boss.@OURDOMAIN@
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment