[ca] Add -extfile.

author Jakub Czajka <jakub@ekhem.eu.org>

Sat, 6 Dec 2025 23:16:08 +0000 (00:16 +0100)

committer Jakub Czajka <jakub@ekhem.eu.org>

Sat, 6 Dec 2025 23:16:08 +0000 (00:16 +0100)
author Jakub Czajka <jakub@ekhem.eu.org>
Sat, 6 Dec 2025 23:16:08 +0000 (00:16 +0100)
committer Jakub Czajka <jakub@ekhem.eu.org>
Sat, 6 Dec 2025 23:16:08 +0000 (00:16 +0100)
diff --git a/ca/README b/ca/README

index f35deb03cfa5bf9281c9ff76ef0ba913fa036312..f39ff05eabf29f501a26c39c7a21337df837cd84 100644 (file)
--- a/ca/README
+++ b/ca/README
@@ -25,11 +25,11 @@ Answer "." to each option except for `commonName`. Leave challenge password
  empty [2]. Subject alternative names can also be added [3].
  
  ```
-$ sudo --preserve-env openssl genrsa -out certs/private/<name>.key 4096
+$ sudo --preserve-env openssl genrsa -out private/<name>.key 4096
  $ sudo --preserve-env openssl req -config ca.cnf -new \
-    -key certs/private/<name>.key -out certs/<name>.csr
+    -key private/<name>.key -out <name>.csr
  $ sudo --preserve-env openssl x509 -req -days 365 -sha256 -CA ca.pem \
-    -CAkey private/ca.key -next_serial -in certs/<name>.csr -out certs/<name>.crt
+    -CAkey private/ca.key -next_serial -in <name>.csr -out <name>.crt
  ```
  
  Other output formats are also possible [4]. If generting an email certificate,
@@ -39,8 +39,8 @@ add an extensions [5].
  $ sudo --preserve-env openssl req -config ca.cnf -new \
      -key certs/private/<name>.key -out certs/<name>.csr -extensions email_cert
  $ sudo --preserve-env openssl x509 -req -days 365 -sha256 -CA ca.pem \
-    -CAkey private/ca.key -next_serial -in certs/<name>.csr \
-    -out certs/<name>.crt -extensions email_cert
+    -CAkey private/ca.key -next_serial -in <name>.csr -out <name>.crt \
+    -extensions email_cert -extfile ca.cnf
  ```
  
  Import
author	Jakub Czajka <jakub@ekhem.eu.org>
	Sat, 6 Dec 2025 23:16:08 +0000 (00:16 +0100)
committer	Jakub Czajka <jakub@ekhem.eu.org>
	Sat, 6 Dec 2025 23:16:08 +0000 (00:16 +0100)