Update: add keyUsage extension to CA and certificate generation
All checks were successful
/ test (push) Successful in 11s
All checks were successful
/ test (push) Successful in 11s
This commit is contained in:
@@ -123,7 +123,8 @@ function make_ca() {
|
||||
-noenc \
|
||||
-subj "/CN=${CA_NAME}" \
|
||||
-text \
|
||||
-addext "basicConstraints=critical,CA:TRUE,pathlen:1"; then
|
||||
-addext "basicConstraints=critical,CA:TRUE,pathlen:1" \
|
||||
-addext "keyUsage=critical,keyCertSign,cRLSign"; then
|
||||
echo "ERROR: Failed to generate CA certificate and key." >&2
|
||||
return 1
|
||||
fi
|
||||
@@ -146,6 +147,7 @@ function make_ca() {
|
||||
-noenc \
|
||||
-subj "/CN=${CA_NAME}" \
|
||||
-addext "basicConstraints=critical,CA:TRUE,pathlen:0" \
|
||||
-addext "keyUsage=critical,keyCertSign,cRLSign" \
|
||||
${AIA_BASE_URL:+-addext "authorityInfoAccess=caIssuers;URI:${AIA_BASE_URL}/ca_cert.crt"} \
|
||||
| openssl x509 \
|
||||
-req \
|
||||
@@ -301,7 +303,7 @@ function make_cert() {
|
||||
-noenc \
|
||||
-subj "/CN=${CERT_SUBJECT_NAME}" \
|
||||
-addext "basicConstraints=critical,CA:FALSE" \
|
||||
-addext "keyUsage=digitalSignature,keyEncipherment" \
|
||||
-addext "keyUsage=critical,digitalSignature,keyEncipherment" \
|
||||
-addext "extendedKeyUsage=serverAuth,clientAuth" \
|
||||
-addext "$SANS_EXT" \
|
||||
${AIA_URL:+-addext "authorityInfoAccess=caIssuers;URI:${AIA_URL}"} \
|
||||
|
||||
Reference in New Issue
Block a user