FS-5695 --resolve

diff --git a/scripts/gentls_cert.in b/scripts/gentls_cert.in
index 26da60c7f82a075cd44e0e5d5016d38c14a6bbe5..49b3940d5d0da3d9fe4c31e4c2a6853c9d06775c 100644 (file)
--- a/scripts/gentls_cert.in
+++ b/scripts/gentls_cert.in
@@ -7,7 +7,7 @@ export KEY_SIZE=${KEY_SIZE}
 
 TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"
 
-COMMON_NAME="FreesSWITCH CA"
+COMMON_NAME="FreeSWITCH CA"
 ALT_NAME="DNS:test.freeswitch.org"
 ORG_NAME="FreeSWITCH"
 OUTFILE="agent.pem"
@@ -47,6 +47,7 @@ setup_ca() {
                        default_bits            = \$ENV::KEY_SIZE
                        prompt                  = no
                        distinguished_name      = req_dn
+                       x509_extensions         = v3_ca
 
                        [ req_dn ]
                        commonName              = %CN%
@@ -69,6 +70,12 @@ setup_ca() {
                        subjectAltName=%ALTNAME%
                        nsCertType=client
                        extendedKeyUsage=clientAuth
+
+                       [ v3_ca ]
+                       subjectKeyIdentifier=hash
+                       authorityKeyIdentifier=keyid:always,issuer
+                       basicConstraints=CA:TRUE
+
                EOF
        fi
 
@@ -84,6 +91,7 @@ setup_ca() {
                -new -x509 -keyout "${CONFDIR}/CA/cakey.pem" \
                -config "${TMPFILE}.cfg" -nodes -days ${DAYS} -sha1 >/dev/null || exit 1
        cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
+       cp $TMPFILE.cfg /tmp/ssl.cfg
        rm "${TMPFILE}.cfg"
 
        echo "DONE"