correctly set the email as subjectAltName of the CA certificate only; do not add...
[stack/cam.git] / cam / templates / ext_config
1 basicConstraints        = CA:false
2 nsCertType              = client, server
3 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
4 extendedKeyUsage        = clientAuth, serverAuth
5 nsComment               = "%(cn)s"
6 subjectKeyIdentifier    = hash
7 authorityKeyIdentifier  = keyid, issuer:always
8 subjectAltName          = @subject_alt_name
9 issuerAltName           = issuer:copy
10 nsCaRevocationUrl       = %(crl_url)s
11 nsRevocationUrl         = %(crl_url)s
12 crlDistributionPoints   = @cdp_section
13
14 [ subject_alt_name ]
15 %(alt_names)s
16
17 [ cdp_section ]
18 URI.1 = %(crl_url)s