allow specifying nsCertType in config
[stack/cam.git] / cam / templates / ext_config
index 8a193b5..486c087 100644 (file)
@@ -1,19 +1,15 @@
 basicConstraints        = CA:false
 basicConstraints        = CA:false
-nsCertType              = client, server
+nsCertType              = %(usage)s
 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage        = clientAuth, serverAuth
 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage        = clientAuth, serverAuth
-nsComment               = "%(cn)s"
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 subjectAltName          = @subject_alt_name
 issuerAltName           = issuer:copy
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 subjectAltName          = @subject_alt_name
 issuerAltName           = issuer:copy
-nsCaRevocationUrl       = %(crl_url)s
-nsRevocationUrl         = %(crl_url)s
 crlDistributionPoints   = @cdp_section
 
 [ subject_alt_name ]
 %(alt_names)s
 crlDistributionPoints   = @cdp_section
 
 [ subject_alt_name ]
 %(alt_names)s
-email = copy
 
 [ cdp_section ]
 URI.1 = %(crl_url)s
 
 [ cdp_section ]
 URI.1 = %(crl_url)s