From: godog Date: Tue, 7 Oct 2014 21:30:48 +0000 (+0100) Subject: allow CA public key renewal X-Git-Url: https://v.licheni.net/stack/cam.git/commitdiff_plain/99d387f6bf8dd80a2e6250481db6ce49f8f68f02 allow CA public key renewal setting unique_subject = no allows for key rollovers: if the value yes is given, the valid certificate entries in the database must have unique subjects. if the value no is given, several valid certificate entries may have the exact same subject. The default value is yes, to be compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value no, especially if combined with the -selfsign command line option. --- diff --git a/cam/templates/openssl_config b/cam/templates/openssl_config index 68296ff..383c454 100644 --- a/cam/templates/openssl_config +++ b/cam/templates/openssl_config @@ -2,6 +2,7 @@ RANDFILE = ${ENV::CAROOT}/.random [ ca ] default_ca = CA_default +unique_subject = no [ CA_default ] dir = ${ENV::CAROOT}