spki = spki[:20]
cerTmpl := x509.Certificate{
- KeyUsage: x509.KeyUsageDigitalSignature,
NotBefore: notBefore,
NotAfter: notAfter,
SerialNumber: sn,
if *ca {
cerTmpl.BasicConstraintsValid = true
cerTmpl.IsCA = true
- cerTmpl.KeyUsage |= x509.KeyUsageCertSign
+ cerTmpl.KeyUsage = x509.KeyUsageCertSign
} else {
cerTmpl.DNSNames = []string{*cn}
+ cerTmpl.KeyUsage = x509.KeyUsageDigitalSignature
}
if caCer == nil {