From 34c28b6a2d14860f532d47e0553497cd8f812ef8 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Mon, 3 Jul 2017 20:54:51 +0800
Subject: [PATCH] meta-signing-key: enable authorityKeyIdentifier for x509 v3

Otherwise the x509 parser in kernel cannot load a x509 certificate without
authorityKeyIdentifier.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
---
 meta-signing-key/files/ima_keys/x509_ima.der  | Bin 757 -> 799 bytes
 meta-signing-key/files/ima_keys/x509_ima.key  |  52 +++++++++---------
 .../system_trusted_key.der                    | Bin 855 -> 855 bytes
 .../system_trusted_key.key                    |  52 +++++++++---------
 .../scripts/create-user-key-store.sh          |   5 +-
 meta-signing-key/scripts/openssl.cnf          |   2 +
 6 files changed, 57 insertions(+), 54 deletions(-)
 create mode 100644 meta-signing-key/scripts/openssl.cnf

diff --git a/meta-signing-key/files/ima_keys/x509_ima.der b/meta-signing-key/files/ima_keys/x509_ima.der
index 4528908f2eb2ce09277dba7781c2339acaa6b125..69bc015752c8a7e82ba0b40fb3502d0ed1dac8eb 100644
GIT binary patch
delta 608
zcmV-m0-yc$1)l~DFoFXcFoFUDpaTK{0+9$_6EQM0IWsX@7Y#BuFgGwUF)}nck$Gc(
zwav9tz3N&}Sa>uJaR_5cN^2!qkEtL7n2<MVMmzFo`X0joSX*?-|L<rTq)dLV$36Yk
zP^2xRVHcx>gDlJvfg55bllO-uEc^PGYy7_=o(#WB&_d)8>Utce`z9<Qi9!$$A@~d4
zwO_vVdh3e1W4^N;$OX24d5~$%4UTVrRmHm-&bWG^NUq>{1Dv%-sDSp1;QL)KLk(Q;
z7)Sws5hdFs`)+T-J5fip%K`wu5-hroT#Zy<f|{togF#A)u9a}LABIcqdc`Z0(5hN%
z-m(0oHdsFmJ~Fx56m|({8gzn2*uxxYgA+dAqNt~KgYakNN;$+OR5A<OFnG}{1``4U
z0RRD`BQPN_9|i+e9U}x7FcyFm9mWCDwb4cdk*B2_(SS(nS35RWli>jre`4`pDBjWy
zI&4Bww8eLNQAi(;&$hogmNP!-FGz+l6?Zo?9PGu`HKIR&PT(O6u(tuy=ReXY1+4G(
z1@Cu#09D!RH_64T)=xRF8dGiu<uobhj+0T^K}qU#*GZ&4AI$Xocv{2t15t-~|ADvJ
z$7EtcEo~WSELkzC51E<Gf9fjK^o5|yI+DxU`7gR-&H<QW3yXv$l#UIsB0ScIWmNek
z9=u^-mhvcy(iG(fR&79losLG>?a2Zzo4*@XoE(49@M#fB3t80Gcf%S!pLTbZUE@9n
u{SWzObbHoBATb5C)R&Pedja-jsotyI-6}-Nb~f$YCcF|48pn`j0{Pm>G!RGt

delta 581
zcmV-L0=oU52K5C9FoFW{FoFTukqurGFfubZGcj5h4Kg<{H!v|UGBY@leq(>$Z?^aR
zs2N2~K(9dIQxJSR`P;9A8cxR5<Q-864a$-KWf_KAVk4bD6Z_y9%&?J=H2{6;x*7e6
z5BQ-)hmQ{0$y_lha5;}$W1sz<X`xOGCRj;sdn4qtvs~I+F>Dk?%$RR$F6VzgK`3O!
z|9Itj@-3{NQ9Bb^8OjA74N89j_Dii8+||RM!0%cvhxE2jVB&OPgKJpQj)__9L)BdW
znP(Y-YBrD_9cB5Ff06uvo4U}bD2xSwK&?Zl-LPUZYKwe6mjPP(-#gUcF9XJPX-6>K
zKWjdX_kFP&<_fBw3@@NY@>>@eF-L{qJLz_n1j;i}j-KY`S;?09c&>kxO#%Y}00A%!
z1_>&LNQU<f0RamI00V*n0RUf<@v-uB9gj1Rb&Qb&`lKQ~?7HRQl(pv`(Apc`<tDyd
zflgS0DCeL_#DMijBVCFSOh3qvo8C2^>it+ump^_18l9}A-Emm_Y;2(yw%d$I7%+Jd
z@c$-FZ=TtmtP4~v;%<M-h)S8T&IUoNo{^KnJ(21O-s*7o4UG`C(2<O3=ZrJ#6QDt;
zjN4Mv{(kKPFPYr2jyY193k?1185b;lfupkjD)jWU%@65otJD?z$?6}LVwIJ4z0csn
z`}(KSw{YBV;R1rEMxuh+j}AyUorrzCo{ykV{z82>>toQtRa+e!-I2ZX^HDd0>6yqx
TPwT`z*mnADU!U@#63!^zOQ#ua

diff --git a/meta-signing-key/files/ima_keys/x509_ima.key b/meta-signing-key/files/ima_keys/x509_ima.key
index fcb2235..4c6977f 100644
--- a/meta-signing-key/files/ima_keys/x509_ima.key
+++ b/meta-signing-key/files/ima_keys/x509_ima.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDeb7b3/KgZRU1A
-r0DhUxB8O/nbr4QaTsbV5B1RCA3Kkf9lGYZaYiOdPxP74BnMsJGQNQB96roZ/YkP
-+KFFh48O2slcMSlwOY9cY5/9nWmhTgwmWElueyPks7Nc2lsxbBRFzJhvay7nfz9B
-KGTF/3jlefItrJ9ROxNZGcoFHg1KAfZLrRjc1cOfwO9aLof0tk9g4nRhg2tY0o6J
-WexD1Vz/mWcZgmo2kB4dZfmSf5H8gJu60KgojAWAQK1DqN2wYjJqi3w+lwFa+t87
-1OAvA8Z1aUcw3T9rPo33fbEb5gqqngwvoEbyWxcYMUeF4DvpdpUEyjNRjp7m5lnJ
-lvl4rpRNAgMBAAECggEASv0ChAvrZ8mTR7FNgCkOr7NQgp1jPbM9GTK0J3M9owMh
-RKYcQzA+rW5sgEeGqxkDmcgkiE6vur9ci8PYKqaOtgVQSQJR5AGjsRPtBgUhbT3w
-nqS47MQaz6k9WJpMkBbNptJYuYc64tRlMMQ7ZPzBdytrV7aQZ0QxO6KUFrGQ7Vem
-waWA3V4bDCvZ0PzKjSeFfvL0RiQTVAgnZ8PMz8y1UhDPr2DoDABlk1igylkm1tF8
-i5XNNVQpZfrU1Y7Ja4NtlZKJZuMTb4w3ZB05/ZovNum9VdrR+Xr8YLC3Udc1r4QZ
-eaKV7Y1MSt2Vcz7VNNBb12llzzcoWRWejNmIdI07gQKBgQD+tRLzJT1OhfUc+IlG
-vwuGCs+ZC8tdmiD4a2S4g1OdzmTaOL9BkqnxrtjskCe8aMTK7fvMfzhb6UFG/TMH
-OpuTFUthEmbKMrqI83K7kAP3iFhivGo85zNwB1DAMe9swqHseyvOyrCr0jcoyK6Q
-lKtruGxDVo3xmsubvSYl3JbqcQKBgQDfkLaHehq8N7nonlSXpfFjpP+EBtrSBmYv
-hycKyRYvRkTGWLnNoGUN9h1l9jNkNi13hcbgBzX38EKYBlHiTGC3AUR5hPwGRtJM
-IPscjAqHPK4HzKt2hRkpb6Q3TyglACJlNLiDLx0Ju7leevXUWlBhIF5u32Q8fB7q
-+hv+5bIdnQKBgFgzD7rOvGoCjRxZHAA5i54BBF407VkeVChx19Dk+QF+RQIkAGaO
-iPa92zQfvwLJLMwwmK75puR84zPX3eG088Z86ztUCfAenOVrl+FHP3hp6GFYaVlp
-njA++EF1iTkaNMQU6tiS65a0FpGy3HAIa0vD8wlmYYS2W6c0Wo9l0YShAoGAJVVF
-Jdp+HHAx22aVOb28Uad8A9AhOnFXHxiyrFpoGfzh/z1RycS/G1W+EwjKDDH/5bWx
-QDf0CzNT648inWejvuu3Q5OxglrRQ2U+icXY/Dxl02eaOnB/gyvhgFr3mTYsiDoF
-leKINtfiXKSr6IosYgvFuT4UvwT7JMIfarFwzQECgYA7ExwbDmIRIQv90gsMKeqr
-Uqa5qHFO4yiwQtL62gebiBYFIg3YyIR9KDXOLG6H8/ZhkOuZZAEGUwD4upVHBUpx
-UbbgB6d131lWlMNNyE0PYvGtnQyfPf17tQ+/2cjm7XND+KOr+FcEk5yZrp6WZBLJ
-eBkLu91VLcnvu2/aXxCYpw==
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1zbVTvepaUFh4
+NA5xCGNJSmslWY+pIAOYkDdpRjvyaPoewwBYW3TJ/+9oGqRMfq/HPf3VUKQto2EX
+o4SDLMwSgRtiJpP3hyUs+/qXa/y/Ip4Mv0vQQuQQ6nocpvsmLCGJQhAPIfgL3rVf
+vvV664q6Y76zHcgFtn95kGnNDY5vVcW7G864eqFIruB5A5y1R6iA9ovg+10vQw1c
+8BhIAX8RJdsk+25vwjtRR7TLAgC/Eiy6jlyNVGCCmqjBg0FKiq6VcLUfhkvtesUr
+lNCqWmvesfykNlg/DT4yudoUdgloGnSCRtjDHGmDEz7foqindoPwZ+VKOcQlVDIL
+2zB40QYTAgMBAAECggEAOWJaz7nsVOFza02TGV56aFHTDBD+5XUzbV5n/xSqK1Oz
+Ty5h14HWlUPxfzyZi4OZXBxXGJPBnp4pMVrtorHrIBQcXpiqr8C6nT5T1KPDPVlh
+5cgj1/KlJim8rXqPX3cihr6RbxVbw/Nh8HzH4yqhuT9um/7Ueekmx2or2wtiYAV7
+1GoIWvIP/tEnSLiPDtkHu/u71IggqsI2NZMx4ojfIrtRd3m7M5NGNYK95fasCfoY
+WfNHNowR6fNI8hhpTJd4eVf5v3oM0KziE+gy+APYTxMsH+P/D+9/f9ZAOnt/mIbe
+FScxOjrMADkGFKDS1q2fMfjMpdZa24iBmwvbEMILsQKBgQDv6QO3wtl54ZT1mvBi
+PQBsppRu8WEqoaGN0VKfh5+tOFeEgiOnaMHGvr56TKrJyFj5fuRCHNyVHEaGI7a8
+DkcFs55QVhI4MWUzLMYF44zjG4iMoNkQ3BvdbBEKzwcbWVILLhweXsl+MrfbvufC
+XLiq/jHunPjqgtLeQhtL9+NUjQKBgQDB/xGFaUkzqxpWQ4gUrq4RMcknZwB6iwVn
+/CpcfTkiEeaqjptAtkhicecEel+a8y6wcrDL4bZ7s3zQmWBdq7vDZ7grOQiavh4Z
+nwrmyscYTpdEj9mKwnmXCdyQMk3cjvZ3MGke6btQ9Cvi301IqKQuo6asEbrp5clQ
+YMMoiWEtHwKBgQCT2uGlsPpi+TnanCCmCr5mN8unDDA8G9z7EBSBqQ4prV2Slrnu
+hMtX91pg+TsQnN7o9OEsNalkZEa6iOwnvgzbYLWjAUi9RQP/pApuuqyrkt52/PKK
+R30M23stVCYnHsdHiKVfuj8n/Y3+agtfZ9GP4JVZX3iw3uuies9j5GRASQKBgFCu
+PCM3/nG2n2VxAI9ZdptAEWCJvfE5EC6G+Tct/SzmNQCJ/peTN9d5d5KtMkXHDYvk
+pxKj9LjNlQNMRn+uhJBn+ng/aAyzNOGC+42wl8zMIq0pBlhnORpPx6NQyIEKFAbN
+42ov2u94HShlpkapnF6pQRAe75WHM4pyM7gQKpIRAoGATpgOFlCtVb28mszrgV8g
+OEQI9rRCrSEGi0fTKzZ8FPDDN6Ic+MLXknqCshEfxD889SJ4IMV84uiXd8+gfPHN
+6peHzdwlC5dd+7JL/IHmvRc6V2/ow4RkyONvzhbehIMEsRYvwdf179LdSkQh/3ZO
+MJ6oqhi1Y92Sp3/R0Lh8bFI=
 -----END PRIVATE KEY-----
diff --git a/meta-signing-key/files/system_trusted_keys/system_trusted_key.der b/meta-signing-key/files/system_trusted_keys/system_trusted_key.der
index 071abaceafb8bea9c9d6954edbf1d51da73dab9c..0b032f054973af4fc1550e23e50f9d6a03eba7b2 100644
GIT binary patch
delta 650
zcmV;50(Je@2G<4{FoFY9FoFU*paTK{0s;vDp6w0bcUC`wkr-POF)}ncGcj5h4Kg<{
zH!v|VGBi1nhGu`rV-A(?qGTPUhSqB^XSh8P-jk-gS*65{uB*$O!SS=OyQSqHa<$<~
z?MTmUv<F!nA3Qul3lVhSnm8TMVOd*X*;!5qVf~zsvN~pX-gzO?&eJnCUP<81B(<UC
zzEDu;6s>ce8bk&LZ^9(jQ=L@It)oLu(mdyQ89!LnyYhc5*RP``hbmcGW{a(WF^zkj
z?0;Zs5SELkl6e+O6<wL<<L}um+2k&trnFi2S{M8MkpYt4sGozcxd2vw=kv8dP7=Sj
zW~i0Ui}(FHVKqn;Ax3?ULZwRa(CORRf;U@??ipTu_ScFFEc9eh<;0s`fjf7QvSipT
z{E{E`gv(36{{jO600E;=FitQX1_M<c4g?ki6dlF^(zVe>1d*qu8_|GB>sLEAS1=z2
z163U(1Q;+DfD|3Z0n)Y6Mg)<kr5n+JNb6TSHdm810wRBjv@eMj+#W@vg~c1jyUa7W
z$>ZDawoDp34&dG%w5asll|NW21YU2;h=LWE)QCjEk+&9;Yqh4RmG<mF=T*Ql!Jaqd
z4i_pU)`FYjfWz+FxB4+8p)muAEO*PRrO@7`9)kiiH?ng(dL;z*U;LBAM41ZUU;)?$
zWTM3>l@ouAL2#hEU>~C;J~;bJm@L5O_QmX_c%X;<(jsUty5y8zBST--MDOC+EPrGJ
zYI7$^SH$@N;~{|Gh`O_P-NAR^SNP?eZpl65op&T}u2&Y5&q<=xAt%+mbbE>Uon&OG
kO$Bs7k{FR%S|&w9FG}$S{unrU0uJQ2qVQP@@9zS<+CGOcS^xk5

delta 650
zcmV;50(Je@2G<4{FoFY9FoFU*paTK{0s;vDpKt7|Dww{_kr-POFfubZGcj5h4Kg<{
zH!v|UGBY@lhGu`8tTy}E1ltv#qUGwY9zdE?^HnnzA23bbg~{k$)8C9rvHF6gB>Ja(
zub3`CFFJgIS9ccq-CUjG<-nvrl>Za8b6-%9IYhL)*efGhibZsZj-)I5SLi`8FKi<#
zv{D+EOkjbA0m|*U=!XvtClfL4d7eotkVz@z5fklXFC%{yY4kR&VP$nAHokq?6HxeY
zhnI`dJtdE^WapiHAXwr<C&+ee=O1Yd%l1Q#(WQ3j!~X6XUCUR^9VvMLC*$b5RMWaZ
ze)RD*FE`R<L&r2yfrJ2LX)91blXT~7WeV<VJjF+hd#Ir!1w^9twCpqyoY23fU+l)z
zW?)Hk?959J2?7HF00E;=FitQX1_M<c4g?ki6oQxy5?xy<_5_G07AVkHK&$L}O)wt@
z163U(1Q;+DfE0q54H8{jDfR@2Cl)BsS3s-mdQFox0wRAv*Jo;gg6Z(9R;4|=BNd0f
zC$DT_6w7wtF87;@%=@0it(T~NNs~|>QCCsE=j)`K$t1ty?60QCO7-e#W)OZ2N_z<x
zB6WJut2eXmP$<-s#FY`VXr?KkkDlivUZQlyLp|ph`*?VAp!)3A$ts&xlfV~wo}WUS
z?$*D%O4@&%!|6|dzgyb2%bD_czlU4a#J`1}keAT&97kU$)9r@sr9zl6Ei*XOi0mY@
zd(BHs?r$iaBI)G0AUR|_#;&7`f*$CsoTJ_iP?4#S9`5`h8=;N-pdwKi)B@ArlbAF^
k7v*lZ>BjgN1lWQUU6=slQjRNqsD?XZqUqiUsAU46;3~f@@Bjb+

diff --git a/meta-signing-key/files/system_trusted_keys/system_trusted_key.key b/meta-signing-key/files/system_trusted_keys/system_trusted_key.key
index 416750a..727aec5 100644
--- a/meta-signing-key/files/system_trusted_keys/system_trusted_key.key
+++ b/meta-signing-key/files/system_trusted_keys/system_trusted_key.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbrDb72QTbFZ+i
-5equHkCaU/NVMxYfME3dhcnoXdPfjEqx+oKlJPqnfK+YLkAvOnyBV3cW+d1cneLl
-wKQ/lP8TtXNfUJA5RLS82CsjWYpFdImOpCv7V+hBMS9sIyu0UhqXTGCBhgHK7bno
-hw8NJxMx7XmeSSuQSSnkERPtZC8jFWn0Nq1hZXUjNr592RNQ+HCHl4vRPSWPsWTn
-nXwgWOJDJ8h2bOcfaQzL9kOO0aV26cP+7hpdy1fNHSl5ACfj6LtU07pAfvTxNS83
-0mVDxzRSgYQAZGkrUECTdOdsZQruazzFR4x7qKEjBUSi9bTsNBGc0L+mX+zG1GZg
-SXPszA4JAgMBAAECggEAcV9ll9tAdxHzdd5+IJq1r+9t6uHOvZ4fRzK1jj4vHMJ+
-b8oitYUN60aaV3lvkzXEESqS96+3cEkoQu0ecZPghQkD4im5L4wDGPlRyWfflJ+/
-wpt70IwAAOKCR/4BSUz2QrQEILBow9KIL3mVE54ek6EAjq95Q5aVJJzvZ1csIR7H
-b+CGRWH3894aFSlq86M3LTreyHKVBaOGIvCiALQhczUahdXCV6ZMbNX6rlnNyVPs
-ksTdLcFqA4Xaiwpn10Kex/bOTZ/8P7ff68V5/S7sRXQLRBzLhnymtnZIVilzImZS
-njHVV+1O17Ur5bNuODAZe8F7JAiBFudGr1oKAIyDgQKBgQDM9tZBwCb7dsjWKjlO
-uV+ok1mgsNj4nOhf1JpJS1HrTH88Zc/ThJIYENYps7uQo5ruJb/K825qyG3JmS6y
-Rp/rf/tGd4OgAnG3J1FLkV6Kx5MD0GWjSTzEubD59tjZ9l9I0eaF3dIPRVOrWRsY
-fIis11gjcPEAxu7SLHcyhKX8kQKBgQDCb1vqCODnvF6kl/ASRes0aiqDSQTMGK0e
-l4Q4e8whYI386mrygPevMkKFm+v1y9PHSE1LzW0AePPukCh2mQSTYV5802mWQJs2
-LgHl7dqwt5p/TpgkY3TPljiq8U2v/wnUL0GIfg+EO0nsFlnLJmU75AMCE72vl6XJ
-ScKN5kmV+QKBgD1UVsQR1RhFcM70j3VI7qCohpcYk7PAb5/NI+VujjKUDzZpWIh4
-EKb20r5js2oSKle8H+mAcbeuBXvfRCPAEjYLc4qgVFhaouAk+aRc+ScZlJn9j4wO
-bAqJbbU98aE2oUhO1mWT/Djpi6Gn5f2rtdHSFeN09gg/flKRT5FkM66hAoGBAJly
-3W1kuGrrRR5NMxCY0bm6F/cox3pz9xzvo1AYk8+7rhNuxhzBH7jKx6k+lwiTZn4e
-V7J9W4tF6e3bI7QFq5DNBY8qImiMcHJf+OuHvlI9dNcIJhaBz4yNGAgBDLjbZNxq
-tyOLqZ9IU1zZfuBPWxHbL2ySO9+6pQKpDbyDhIuxAoGAT8eZzFJXOtdUwzHWCiYH
-PmSzKg7zT6TLXnW2uOvfJAG6RgXmlCew7YvvsvwKARtwB3Xh+VCHevaIGpoT6wwe
-Z96nzpvyRzBXg3/NT+b8mdCZRK9DvEfc+1Wnlj9gYk5ncKFDaHswTjEIcy2wUdYm
-cZTek5jdrbbN9KwOflwAUrg=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIYw6V76JkHaSG
+1mswZ7g9Ed6TprtZpcSNrqvLnMHxs7C7peUfcrXhSu1Iz220B1kcHzw8QgsRdOCa
+OB3QYVlbYNlZTghh/ZyPsjpmeN55IdLO0zM2XkngzSS1oeW+UFDoFK1znRpEBgZv
+wiTWU51UzK2jQ07SPOd4GT9Y1bvyLNevoyWHKllaZoutgDGNe53sf2BpEJaLppJ5
+FksVXZnn4+/ZLdnkLp+mtFn3Whf7/ZEBkt6on4OvuQBWf+fztUBOEr+3ZqiVzov3
+/TphNUgUIUZ9jkKlSvHQ6dvZgjdbjO4ZXnz214oLLPRkUOXEm1+BO3eQsmTYLfyS
+H/aEy7//AgMBAAECggEAe39BD/rd9CGoskkXSn/BtjF7IThSoo9dMYyC6Du184Yw
+15UIPndtzGlnD8Z278rPiltdvi1dsOZ9Pc5z4Wb9sSlhCn7i/7FTeeP3xgub4L+N
+slXLbCh0E42aoC4k70OEeWO0+lnKRD4KXXojRcvGXOq/4KysuTk71nKI7fDbogYV
+XID/TmYfC8TweBv60Qslr+sexUfGNg4+BV36NqaSVStnHJE0PXeMzuL7hbKzEKN2
+TQ641Aqosd+gf2s9K7Vhq+FnHrUFJDKM1mT28iPIGH7e6PVW13A72QaEEEEcPT6F
+U23zeCg+68M2PMD4Ig/6bxj/ADVYvzwovvPyMF/6gQKBgQDu6LLPY2hGQyfakgka
+NefeabY/QOSYuGb7zntw1TZY5EZahtFmuM0CLJ1O0Rb+QICJcz5mRoDF7Pxl9rNO
+uerM1+m3ndYC4QZm1YZY9Fj2sr+Q8TpHmjB/RIe8OXzGo/uG9GQmLUW9nN+NqU7X
+fHpszhcePjPOB1OY7TncH2j1HwKBgQDWuODfWlipPlbJxNgvw1bozclt7DWAhR7v
+AsGyGban6P8tWZwrRv3p2Xf2+hvZetka3xw2jMRKWfBYg39lPxlG3uLMSrkmPLm8
+9DWdKyD8B0WLxI8ayvdwk1cgTgKZABw39pL7irwBEDEex4mPmZLrIAkyB8pMmr6T
+y3TBkgf5IQKBgAaSmlDAUF8We+M0f1GcSAvDZsMouuFEuXiV/qllBEC/zvuwl9Q2
+o1U6+vzvHa3TAnZFmGLh76sCURNRDS/OR5ppGkH18qxTmoR7vV13I3duBX0sVckg
+gdMOhJl2D2u7mTDmSlcOicukpDXWgZfGEewqY1JuraguZWtgo2Xd61pLAoGBAIft
+4e2DND1vyWFRy8nwz0PxgmKj9fq2Sy7jf9tPi+IgDeqXn9WFy5gOo3MmQhsbOfVY
+6HNgCaNH7G8cT7m4iDflQY4yf6NFLhAASTCF7QufTtd8R1uewaXyoGVC/UH+X97N
+qZ6z5PCHX5EsoFjXz7opPaj+ZYK5M4w8cF1aJNIBAoGAcpFShqUYLBKfSnpQEoTa
+cfxXzG/yst+5vGybft8g7TjFvHbnqP/+Nq+VcLZJWXGcdTob1q5+7IkCAAPEv53E
+X7FCPMtFzGAL6++T2fsoFPbVpqJZMLd2NUopxwk73uXTdfcNlZse9UJsfE2PphJN
+RGdmOUaX9YasTQGHidkbRYs=
 -----END PRIVATE KEY-----
diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh
index b8cce9e..7ce35cf 100755
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -86,9 +86,10 @@ ca_sign() {
         openssl x509 -req -in "$key_dir/$key_name.csr" \
             -CA "$ca_cert" \
             -CAform "$ca_cert_form" \
-	    -CAkey "$ca_key_dir/$ca_key_name.key" \
+            -CAkey "$ca_key_dir/$ca_key_name.key" \
             -set_serial 1 -days 3650 \
-	    -out "$key_dir/$key_name.crt"
+            -extfile openssl.cnf -extensions v3_req \
+            -out "$key_dir/$key_name.crt"
 
         rm -f "$key_dir/$key_name.csr"
     fi
diff --git a/meta-signing-key/scripts/openssl.cnf b/meta-signing-key/scripts/openssl.cnf
new file mode 100644
index 0000000..37fdb99
--- /dev/null
+++ b/meta-signing-key/scripts/openssl.cnf
@@ -0,0 +1,2 @@
+[v3_req]
+authorityKeyIdentifier=keyid:always