Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
S1OVS
openvpn-server
Commits
13ef93f8
Commit
13ef93f8
authored
May 28, 2018
by
Matthew Smith
Browse files
Fix openssl config changes for upgraded security
parent
d39c630b
Changes
1
Hide whitespace changes
Inline
Side-by-side
config/openssl.cnf
View file @
13ef93f8
...
...
@@ -66,7 +66,6 @@ emailAddress = optional
[ req ]
# Commented out for bug hack reasons. See postinst for more info.
#prompt = no
extendedKeyUsage = clientAuth
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
...
...
@@ -139,8 +138,10 @@ basicConstraints=CA:FALSE
nsComment = "Generated by openvpn-server"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = clientAuth
keyUsage = digitalSignature,keyEncipherment
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
...
...
@@ -159,9 +160,10 @@ authorityKeyIdentifier=keyid,issuer:always
[ server ]
basicConstraints=CA:FALSE
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier
=
hash
authorityKeyIdentifier
=
keyid,issuer:always
subjectKeyIdentifier
=
hash
authorityKeyIdentifier
=
keyid,issuer:always
[ v3_req ]
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment