mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
like unbound-control-setup.sh has.
parent
0c967e079c
commit
48b6c60a24
@ -2,6 +2,8 @@
|
|||||||
- Fix unbound-control-setup.cmd to use 3072 bits so that certificates
|
- Fix unbound-control-setup.cmd to use 3072 bits so that certificates
|
||||||
are long enough for newer OpenSSL versions.
|
are long enough for newer OpenSSL versions.
|
||||||
- Fix TTL of synthesized CNAME when a DNAME is used from cache.
|
- Fix TTL of synthesized CNAME when a DNAME is used from cache.
|
||||||
|
- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
|
||||||
|
like unbound-control-setup.sh has.
|
||||||
|
|
||||||
7 March 2024: Wouter
|
7 March 2024: Wouter
|
||||||
- Version set to 1.19.3 for release. After 1.19.2 point release with
|
- Version set to 1.19.3 for release. After 1.19.2 point release with
|
||||||
|
@ -98,9 +98,14 @@ echo default_bits=%BITS%>>request.cfg
|
|||||||
echo default_md=%HASH%>>request.cfg
|
echo default_md=%HASH%>>request.cfg
|
||||||
echo prompt=no>>request.cfg
|
echo prompt=no>>request.cfg
|
||||||
echo distinguished_name=req_distinguished_name>>request.cfg
|
echo distinguished_name=req_distinguished_name>>request.cfg
|
||||||
echo.>>request.cfg
|
echo x509_extensions=v3_ca>>request.cfg
|
||||||
echo [req_distinguished_name]>>request.cfg
|
echo [req_distinguished_name]>>request.cfg
|
||||||
echo commonName=%SERVERNAME%>>request.cfg
|
echo commonName=%SERVERNAME%>>request.cfg
|
||||||
|
echo [v3_ca]>>request.cfg
|
||||||
|
echo subjectKeyIdentifier=hash>>request.cfg
|
||||||
|
echo authorityKeyIdentifier=keyid:always,issuer:always>>request.cfg
|
||||||
|
echo basicConstraints=critical,CA:TRUE,pathlen:0>>request.cfg
|
||||||
|
echo subjectAltName=DNS:%SERVERNAME%>>request.cfg
|
||||||
|
|
||||||
if not exist request.cfg (
|
if not exist request.cfg (
|
||||||
echo could not create request.cfg
|
echo could not create request.cfg
|
||||||
@ -119,9 +124,12 @@ echo default_bits=%BITS%>>request.cfg
|
|||||||
echo default_md=%HASH%>>request.cfg
|
echo default_md=%HASH%>>request.cfg
|
||||||
echo prompt=no>>request.cfg
|
echo prompt=no>>request.cfg
|
||||||
echo distinguished_name=req_distinguished_name>>request.cfg
|
echo distinguished_name=req_distinguished_name>>request.cfg
|
||||||
echo.>>request.cfg
|
echo req_extensions=v3_req>>request.cfg
|
||||||
echo [req_distinguished_name]>>request.cfg
|
echo [req_distinguished_name]>>request.cfg
|
||||||
echo commonName=%CLIENTNAME%>>request.cfg
|
echo commonName=%CLIENTNAME%>>request.cfg
|
||||||
|
echo [v3_req]>>request.cfg
|
||||||
|
echo basicConstraints=critical,CA:FALSE>>request.cfg
|
||||||
|
echo subjectAltName=DNS:%CLIENTNAME%>>request.cfg
|
||||||
|
|
||||||
if not exist request.cfg (
|
if not exist request.cfg (
|
||||||
echo could not create request.cfg
|
echo could not create request.cfg
|
||||||
@ -129,7 +137,7 @@ exit 1
|
|||||||
)
|
)
|
||||||
|
|
||||||
echo create %CTL_BASE%.pem (signed client certificate)
|
echo create %CTL_BASE%.pem (signed client certificate)
|
||||||
"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
|
"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -extfile request.cfg -extensions v3_req -out %CTL_BASE%.pem
|
||||||
|
|
||||||
if not exist %CTL_BASE%.pem (
|
if not exist %CTL_BASE%.pem (
|
||||||
echo could not create %CTL_BASE%.pem
|
echo could not create %CTL_BASE%.pem
|
||||||
|
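Review bot: The client-certificate step in the last hunk still judges success only with `if not exist %CTL_BASE%.pem`, so a failure of the rewritten `x509 -req ... -extfile request.cfg -extensions v3_req` call goes unnoticed whenever a `%CTL_BASE%.pem` from an earlier run is already on disk, and the older certificate issued without these extensions would be left in place. Whether the script removes an existing file first is not visible here, because the surrounding logic starts and ends outside the hunk; if it does not, add `if exist %CTL_BASE%.pem del %CTL_BASE%.pem` before the openssl line, or test `if errorlevel 1` directly after it. The same limitation applies to `request.cfg` in the first two hunks, where `if not exist request.cfg` cannot tell a complete file from one in which some of the new `echo ...>>request.cfg` appends failed. After generation, `openssl x509 -in <cert> -noout -text` confirms whether basicConstraints and subjectAltName actually ended up in each certificate.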