dan
/
certifix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fiddle with ca cert gen options 

this is because s6-tlsclient refused to connect with
 Not a CA, or path length constraint violation. (BR_ERR_X509_NOT_CA)
error
This commit is contained in:
Daniel Barlow 2024-10-02 00:26:44 +01:00
parent cc3e695174
commit 3aa3bacae9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -36,7 +36,7 @@ chmod 0700 psk
# create CA key and cert used for signing # create CA key and cert used for signing
openssl genrsa -out ca.key 4096 openssl genrsa -out ca.key 4096
CN=CA openssl req -config openssl.cnf -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt CN=CA openssl req -config openssl.cnf -addext basicConstraints=critical,CA:TRUE,pathlen:1 --x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
# create key for the server and sign it with the CA # create key for the server and sign it with the CA
CN=localhost openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout server.key --out server.csr CN=localhost openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout server.key --out server.csr