diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2014-10-30 01:58:15 -0400 |
---|---|---|
committer | Fraser Tweedale <frase@frase.id.au> | 2015-01-07 23:15:12 -0500 |
commit | 9e8c5189ab6cce6ded77316439b9fee92e27487c (patch) | |
tree | affd5b31271ff6a41809e6c573eaf58c1d4e175e /base/ca | |
parent | 422c1392992b28d41d8e4fe037acb6b1117345da (diff) | |
download | pki-9e8c5189ab6cce6ded77316439b9fee92e27487c.tar.gz pki-9e8c5189ab6cce6ded77316439b9fee92e27487c.tar.xz pki-9e8c5189ab6cce6ded77316439b9fee92e27487c.zip |
Enable Authority Key Identifier CRL extension by default
RFC 5280 states:
Conforming CRL issuers are REQUIRED to include the authority key
identifier (Section 5.2.1) and the CRL number (Section 5.2.3)
extensions in all CRLs issued.
Accordingly, update CS.cfg so that the Authority Key Identifier
extension is enabled by default.
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/shared/conf/CS.cfg.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in index 146c7a2a3..74f432956 100644 --- a/base/ca/shared/conf/CS.cfg.in +++ b/base/ca/shared/conf/CS.cfg.in @@ -604,7 +604,7 @@ ca.crl.MasterCRL.extension.AuthorityInformationAccess.numberOfAccessDescriptions ca.crl.MasterCRL.extension.AuthorityInformationAccess.type=CRLExtension ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class=com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical=false -ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=false +ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=true ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type=CRLExtension ca.crl.MasterCRL.extension.CRLNumber.class=com.netscape.cms.crl.CMSCRLNumberExtension ca.crl.MasterCRL.extension.CRLNumber.critical=false |