From 8bb75361b096337474136b5153b0585c0fdc36f7 Mon Sep 17 00:00:00 2001
From: Someone <someone@somenet.org>
Date: Thu, 5 Feb 2015 01:08:59 +0100
Subject: [PATCH] Add CRL-URL into openssl.cnf

---
 openssl.cnf | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/openssl.cnf b/openssl.cnf
index 4c6604a..fee123c 100644
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -14,8 +14,6 @@ default_crl_days	= 365            # how long before next CRL
 default_md			= sha512        # use public key default MD
 preserve			= no            # keep passed DN ordering
 
-x509_extensions		= ca_extensions     # The extensions to add to the cert
-
 unique_subject	= no
 email_in_dn		= no            # Don't concat the email in the DN
 copy_extensions	= copyall          # Required to copy SANs from CSR to cert
@@ -26,9 +24,13 @@ database	= $dir/index.txt
 serial		= $dir/serial
 certificate	= $dir/ca.crt
 
-policy		= policy_match
+x509_extensions	= ca_extensions
+policy			= ca_match
+
+[ ca_extensions ]
+crlDistributionPoints=URI:http://www.somenet.org/somenet.crl
 
-[ policy_match ]
+[ ca_match ]
 organizationName	= match
 countryName		= optional
 stateOrProvinceName	= optional
-- 
2.43.0