diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-07-20 23:46:07 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-07-20 23:50:47 -0500 |
commit | 66ed8787c4e2706be8631b1c7b416a636808efd7 (patch) | |
tree | 0623190da1e0a7b5f0478fae4cab51c2e1f7762a /etc/ssl | |
parent | ed2265217acc84b6c83e307de01d25d0688cb603 (diff) | |
download | pfsense-66ed8787c4e2706be8631b1c7b416a636808efd7.zip pfsense-66ed8787c4e2706be8631b1c7b416a636808efd7.tar.gz |
Add IPsec IKE Intermediate EKU to server certificates. The serverAuth EKU already added suffices for Windows clients, though strongswan docs suggest setting this as well.
Diffstat (limited to 'etc/ssl')
-rw-r--r-- | etc/ssl/openssl.cnf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/ssl/openssl.cnf b/etc/ssl/openssl.cnf index 75668f7..41664e6 100644 --- a/etc/ssl/openssl.cnf +++ b/etc/ssl/openssl.cnf @@ -235,7 +235,7 @@ nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always -extendedKeyUsage=serverAuth +extendedKeyUsage=serverAuth,1.3.6.1.5.5.8.2.2 keyUsage = digitalSignature, keyEncipherment [ server_san ] @@ -246,7 +246,7 @@ nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always -extendedKeyUsage=serverAuth +extendedKeyUsage=serverAuth,1.3.6.1.5.5.8.2.2 keyUsage = digitalSignature, keyEncipherment subjectAltName=$ENV::SAN |