Commit d81c4cdb authored by ale's avatar ale

correctly set the email as subjectAltName of the CA certificate only; do not add it to the DN

parent a3143f42
......@@ -13,7 +13,6 @@ crlDistributionPoints = @cdp_section
[ subject_alt_name ]
%(alt_names)s
email = copy
[ cdp_section ]
URI.1 = %(crl_url)s
......@@ -27,7 +27,7 @@ countryName = supplied
organizationName = supplied
organizationalUnitName = optional
commonName = supplied
emailAddress = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
......@@ -56,9 +56,6 @@ organizationalUnitName_default = "%(ou)s"
commonName = Common Name
commonName_max = 64
commonName_default = "%(cn)s"
emailAddress = Email Address
emailAddress_max = 60
emailAddress_default = "%(email)s"
SET-ex3 = SET extension number 3
[ req_attributes ]
......@@ -72,6 +69,8 @@ basicConstraints = critical, CA:true
keyUsage = cRLSign, keyCertSign
nsCertType = sslCA, emailCA, objCA
nsComment = "%(cn)s"
subjectAltName = email:copy
subjectAltName = @ca_alt_name
issuerAltName = issuer:copy
[ ca_alt_name ]
email = "%(email)s"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment