Docs, minor cert tweaks.

2 files changed, 6 insertions, 3 deletions

diff --git a/libmproxy/resources/ca.cnf b/libmproxy/resources/ca.cnf
index e46bb08f..c65c66c8 100644
--- a/libmproxy/resources/ca.cnf
+++ b/libmproxy/resources/ca.cnf
@@ -5,24 +5,27 @@ x509_extensions = v3_ca
 req_extensions = v3_ca_req
 
 [ req_distinguished_name ]
-organizationName               = mitmproxy
-commonName                     = Dummy CA
+organizationName                = mitmproxy
+commonName                      = mitmproxy
 
 [ v3_ca ]
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer
 basicConstraints = critical,CA:true
 keyUsage = cRLSign, keyCertSign
+extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
 nsCertType = sslCA
 
 [ v3_ca_req ]
 basicConstraints = critical,CA:true
 keyUsage = cRLSign, keyCertSign
+extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
 nsCertType = sslCA
 
 [ v3_cert ]
 basicConstraints = CA:false
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
 nsCertType = server
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer
@@ -30,4 +33,5 @@ authorityKeyIdentifier=keyid:always,issuer
 [ v3_cert_req ]
 basicConstraints = CA:false
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
 nsCertType = server
diff --git a/libmproxy/utils.py b/libmproxy/utils.py
index 34c49e14..f4df813f 100644
--- a/libmproxy/utils.py
+++ b/libmproxy/utils.py
@@ -411,7 +411,6 @@ def dummy_cert(certdir, ca, commonname):
             "-days", "9999",
             "-out", certpath,
             "-CA", ca,
-            "-CAcreateserial",
             "-extfile", confpath,
             "-extensions", "v3_cert",
         ]