Skip to content

Commit

Permalink
add digitalSignature keyUsage to CA, for signing OCSP response
Browse files Browse the repository at this point in the history 
Signed-off-by: Youfu Zhang <[email protected]>
  • Loading branch information
@zhangyoufu
zhangyoufu committed Mar 29, 2022
1 parent 89b229a commit 7c9cc4e
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion easyrsa3/openssl-easyrsa.cnf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ basicConstraints = critical, CA:true

# Limit key usage to CA tasks. If you really want to use the generated pair as
# a self-signed cert, comment this out.
keyUsage = critical, cRLSign, keyCertSign
keyUsage = critical, cRLSign, digitalSignature, keyCertSign

# nsCertType omitted by default. Let's try to let the deprecated stuff die.
# nsCertType = sslCA
Expand Down
2 changes: 1 addition & 1 deletion easyrsa3/x509-types/ca
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,4 @@
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = critical, cRLSign, keyCertSign
keyUsage = critical, cRLSign, digitalSignature, keyCertSign

0 comments on commit 7c9cc4e

Please sign in to comment.