Add CRL-URL into openssl.cnf

diff --git a/openssl.cnf b/openssl.cnf
index 4c6604a63303a2a16748afd5aa7387b0bb717f55..fee123cabd0d639865a83f306f1ca3c1b3209028 100644 (file)
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -14,8 +14,6 @@ default_crl_days      = 365            # how long before next CRL
 default_md                     = sha512        # use public key default MD
 preserve                       = no            # keep passed DN ordering
 
-x509_extensions                = ca_extensions     # The extensions to add to the cert
-
 unique_subject = no
 email_in_dn            = no            # Don't concat the email in the DN
 copy_extensions        = copyall          # Required to copy SANs from CSR to cert
@@ -26,9 +24,13 @@ database     = $dir/index.txt
 serial         = $dir/serial
 certificate    = $dir/ca.crt
 
-policy         = policy_match
+x509_extensions        = ca_extensions
+policy                 = ca_match
+
+[ ca_extensions ]
+crlDistributionPoints=URI:http://www.somenet.org/somenet.crl
 
-[ policy_match ]
+[ ca_match ]
 organizationName       = match
 countryName            = optional
 stateOrProvinceName    = optional