Commit 13ef93f8 authored by Matthew Smith's avatar Matthew Smith
Browse files

Fix openssl config changes for upgraded security

parent d39c630b
......@@ -66,7 +66,6 @@ emailAddress = optional
[ req ]
# Commented out for bug hack reasons. See postinst for more info.
#prompt = no
extendedKeyUsage = clientAuth
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
......@@ -139,8 +138,10 @@ basicConstraints=CA:FALSE
nsComment = "Generated by openvpn-server"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = clientAuth
keyUsage = digitalSignature,keyEncipherment
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
......@@ -159,9 +160,10 @@ authorityKeyIdentifier=keyid,issuer:always
[ server ]
basicConstraints=CA:FALSE
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
[ v3_req ]
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment