allow CA public key renewal
[stack/cam.git] / cam / templates / openssl_config
index 4d97548..383c454 100644 (file)
@@ -1,10 +1,11 @@
-RANDFILE = %(basedir)s/.random
+RANDFILE = ${ENV::CAROOT}/.random
 
 [ ca ]
 default_ca              = CA_default
 
 [ ca ]
 default_ca              = CA_default
+unique_subject          = no
 
 [ CA_default ]
 
 [ CA_default ]
-dir                     = %(basedir)s
+dir                     = ${ENV::CAROOT}
 certs                   = $dir/public/certs
 crl_dir                 = $dir/public/crl
 crl                     = $dir/public/crl.pem
 certs                   = $dir/public/certs
 crl_dir                 = $dir/public/crl
 crl                     = $dir/public/crl.pem