Commit 99d387f6 authored by godog's avatar godog

allow CA public key renewal

setting unique_subject = no allows for key rollovers:

  if the value yes is given, the valid certificate entries in the database must
  have unique subjects. if the value no is given, several valid certificate
  entries may have the exact same subject. The default value is yes, to be
  compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA
  certificate roll-over easier, it's recommended to use the value no,
  especially if combined with the -selfsign command line option.
parent 87fb6e3e
......@@ -2,6 +2,7 @@ RANDFILE = ${ENV::CAROOT}/.random
[ ca ]
default_ca = CA_default
unique_subject = no
[ CA_default ]
dir = ${ENV::CAROOT}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment