From 69ade895830b3d42534b9d30b9f0839a2f31fdc1 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Sun, 7 Dec 2025 00:16:08 +0100
Subject: [PATCH] [ca] Add -extfile.

---
 ca/README | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ca/README b/ca/README
index f35deb0..f39ff05 100644
--- a/ca/README
+++ b/ca/README
@@ -25,11 +25,11 @@ Answer "." to each option except for `commonName`. Leave challenge password
 empty [2]. Subject alternative names can also be added [3].
 
 ```
-$ sudo --preserve-env openssl genrsa -out certs/private/<name>.key 4096
+$ sudo --preserve-env openssl genrsa -out private/<name>.key 4096
 $ sudo --preserve-env openssl req -config ca.cnf -new \
-    -key certs/private/<name>.key -out certs/<name>.csr
+    -key private/<name>.key -out <name>.csr
 $ sudo --preserve-env openssl x509 -req -days 365 -sha256 -CA ca.pem \
-    -CAkey private/ca.key -next_serial -in certs/<name>.csr -out certs/<name>.crt
+    -CAkey private/ca.key -next_serial -in <name>.csr -out <name>.crt
 ```
 
 Other output formats are also possible [4]. If generting an email certificate,
@@ -39,8 +39,8 @@ add an extensions [5].
 $ sudo --preserve-env openssl req -config ca.cnf -new \
     -key certs/private/<name>.key -out certs/<name>.csr -extensions email_cert
 $ sudo --preserve-env openssl x509 -req -days 365 -sha256 -CA ca.pem \
-    -CAkey private/ca.key -next_serial -in certs/<name>.csr \
-    -out certs/<name>.crt -extensions email_cert
+    -CAkey private/ca.key -next_serial -in <name>.csr -out <name>.crt \
+    -extensions email_cert -extfile ca.cnf
 ```
 
 Import
-- 
2.47.3