From 9b2099948254a188d8d17431bd5bf000724eb529 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 22 Aug 2017 11:56:24 +0300
Subject: [PATCH] - Stricter constraints.

---
 ssl-ca | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl-ca b/ssl-ca
index 2c29993..3e41fd3 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -41,10 +41,11 @@ RANDFILE = /dev/urandom
 CN = \${ENV::cn}
 
 [ v3_ca ]
-basicConstraints = CA:true
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
 
 [ v3_req ]
-basicConstraints = CA:false
+basicConstraints = critical, CA:false
 subjectAltName = @AltNames
 
 [ AltNames ]
-- 
GitLab