tests: Added basic constraints extension to the CA certs

The IPA installer refuses to accept certs signed with a CA-signature that does
not have basic constraints enabled (Described in RFC 5280)

Reviewed-By: David Kupka <dkupka@redhat.com>
This commit is contained in:
Oleg Fayans 2016-09-07 09:52:33 +02:00 committed by David Kupka
parent bbac233b5e
commit 2f6ffa326a

View File

@ -38,7 +38,10 @@ gen_cert() {
csr="$(mktemp)"
crt="$(mktemp)"
certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null <<EOF
certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 -2 >/dev/null <<EOF
y
0
N
1
7
file://$crl_path/$ca.crl