mirror of https://github.com/openbsd/src.git
Set "unique_subject = no" to allow renewing expired certificates.
Without this, openssl throws an error when creating a second req for the same subject which leads to ikectl deleting the old cert without creating a new one. Reported by Ryan Kavanagh in openiked-portable here: https://github.com/openiked/openiked-portable/issues/125 discussed with tb@ ok patrick@
This commit is contained in:
parent
41d3eadea5
commit
255ae5e81c
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: ikeca.cnf,v 1.9 2017/01/31 21:35:07 sthen Exp $
|
||||
# $OpenBSD: ikeca.cnf,v 1.10 2023/11/17 14:43:36 tobhe Exp $
|
||||
|
||||
CERT_C = DE
|
||||
CERT_ST = Lower Saxony
|
||||
|
@ -104,6 +104,6 @@ serial = $ENV::CASERIAL
|
|||
default_md = sha256
|
||||
default_days = 365
|
||||
default_crl_days = 365
|
||||
unique_subject = yes
|
||||
unique_subject = no
|
||||
email_in_dn = yes
|
||||
policy = CA_sign_policy
|
||||
|
|
Loading…
Reference in New Issue