• godog's avatar
    allow CA public key renewal · 99d387f6
    godog authored
    setting unique_subject = no allows for key rollovers:
      if the value yes is given, the valid certificate entries in the database must
      have unique subjects. if the value no is given, several valid certificate
      entries may have the exact same subject. The default value is yes, to be
      compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA
      certificate roll-over easier, it's recommended to use the value no,
      especially if combined with the -selfsign command line option.
openssl_config 2.36 KB