apps/openssl.cnf: fix reference to insta.ca.crt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)

(cherry picked from commit 14ca1b6f4694ad27b1163bcafda1683f4dd05a30)

2 files changed, 4 insertions, 4 deletions

diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf
index 59c6776a1e..ac858d670d 100644
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -356,7 +356,7 @@ cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
 # Certificate enrollment
 subject = "/CN=openssl-cmp-test"
 newkey = insta.priv.pem
-out_trusted = insta.ca.crt
+out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
 certout = insta.cert.pem
 
 [pbm] # Password-based protection for Insta CA
@@ -366,7 +366,7 @@ secret = $insta::secret # pass:insta
 
 [signature] # Signature-based protection for Insta CA
 # Server authentication
-trusted = insta.ca.crt # does not include keyUsage digitalSignature
+trusted = $insta::out_trusted # apps/insta.ca.crt
 
 # Client authentication
 secret = # disable PBM
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 03330e0120..12bc40896e 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -356,7 +356,7 @@ cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
 # Certificate enrollment
 subject = "/CN=openssl-cmp-test"
 newkey = insta.priv.pem
-out_trusted = insta.ca.crt
+out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
 certout = insta.cert.pem
 
 [pbm] # Password-based protection for Insta CA
@@ -366,7 +366,7 @@ secret = $insta::secret # pass:insta
 
 [signature] # Signature-based protection for Insta CA
 # Server authentication
-trusted = insta.ca.crt # does not include keyUsage digitalSignature
+trusted = $insta::out_trusted # apps/insta.ca.crt
 
 # Client authentication
 secret = # disable PBM