Skip to content

Commit

Permalink
add digitalSignature keyUsage to CA, for signing OCSP response
Browse files Browse the repository at this point in the history 
Signed-off-by: Youfu Zhang <[email protected]>
  • Loading branch information
@zhangyoufu
zhangyoufu committed Jun 25, 2021
1 parent a0d8767 commit d73dd6e
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion easyrsa3/openssl-easyrsa.cnf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ basicConstraints = critical, CA:true

# Limit key usage to CA tasks. If you really want to use the generated pair as
# a self-signed cert, comment this out.
keyUsage = critical, cRLSign, keyCertSign
keyUsage = critical, cRLSign, digitalSignature, keyCertSign

# nsCertType omitted by default. Let's try to let the deprecated stuff die.
# nsCertType = sslCA
Expand Down
2 changes: 1 addition & 1 deletion easyrsa3/x509-types/ca
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,5 @@
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = critical, cRLSign, keyCertSign
keyUsage = critical, cRLSign, digitalSignature, keyCertSign

0 comments on commit d73dd6e

Please sign in to comment.