1 files changed, 16 insertions, 3 deletions

diff --git a/scripts/resource-cert-samples/LIR2.cnf b/scripts/resource-cert-samples/LIR2.cnf
index a320a876..7e691e6d 100644
--- a/scripts/resource-cert-samples/LIR2.cnf
+++ b/scripts/resource-cert-samples/LIR2.cnf
@@ -13,11 +13,13 @@ name_opt = ca_default
 cert_opt = ca_default
 default_days = 365
 default_crl_days = 30
-default_md = sha1
+default_md = sha256
 preserve = no
 copy_extensions = copy
 policy = ca_policy_anything
 unique_subject = no
+x509_extensions = ca_x509_ext
+crl_extensions = crl_x509_ext
 
 [ ca_policy_anything ]
 countryName = optional
@@ -34,7 +36,7 @@ surname = optional
 default_bits = 2048
 encrypt_key = no
 distinguished_name = req_dn
-x509_extensions = req_x509_ext
+req_extensions = req_x509_ext
 prompt = no
 
 [ req_dn ]
@@ -43,9 +45,20 @@ CN = TEST ENTITY LIR2
 [ req_x509_ext ]
 basicConstraints = critical,CA:true
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid
 keyUsage = critical,keyCertSign,cRLSign
 subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/LIR2/
 authorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/RIR.cer
 sbgp-autonomousSysNum = critical,AS:64544
 sbgp-ipAddrBlock = critical,IPv6:2001:db8::44-2001:db8::100,IPv6:2001:db8::10:0:44/128
+
+[ ca_x509_ext ]
+basicConstraints = critical,CA:true
+authorityKeyIdentifier = keyid:always
+keyUsage = critical,keyCertSign,cRLSign
+subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/LIR2/
+authorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/RIR.cer
+sbgp-autonomousSysNum = critical,AS:64544
+sbgp-ipAddrBlock = critical,IPv6:2001:db8::44-2001:db8::100,IPv6:2001:db8::10:0:44/128
+
+[ crl_x509_ext ]
+authorityKeyIdentifier = keyid:always