always revoke the certificate, even if it is already expired

[stack/cam.git] / cam / templates / ext_config

diff --git a/cam/templates/ext_config b/cam/templates/ext_config
index 596e406..486c087 100644 (file)
--- a/cam/templates/ext_config
+++ b/cam/templates/ext_config
@@ -1,5 +1,5 @@
 basicConstraints        = CA:false
 basicConstraints        = CA:false

-nsCertType              = client, server
+nsCertType              = %(usage)s

 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage        = clientAuth, serverAuth
 subjectKeyIdentifier    = hash
 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage        = clientAuth, serverAuth
 subjectKeyIdentifier    = hash