VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.3/test/CAtsa.cnf@ 102797

Last change on this file since 102797 was 101211, checked in by vboxsync, 15 months ago

openssl-3.1.3: Applied and adjusted our OpenSSL changes to 3.1.2. bugref:10527

File size: 4.9 KB
Line 
1
2#
3# This config is used by the Time Stamp Authority tests.
4#
5
6# Comment out the next line to ignore configuration errors
7config_diagnostics = 1
8
9# Extra OBJECT IDENTIFIER info:
10oid_section = new_oids
11
12TSDNSECT = ts_cert_dn
13INDEX = 1
14
15[ new_oids ]
16
17# Policies used by the TSA tests.
18tsa_policy1 = 1.2.3.4.1
19tsa_policy2 = 1.2.3.4.5.6
20tsa_policy3 = 1.2.3.4.5.7
21
22#----------------------------------------------------------------------
23[ ca ]
24default_ca = CA_default # The default ca section
25
26[ CA_default ]
27
28dir = ./demoCA
29certs = $dir/certs # Where the issued certs are kept
30database = $dir/index.txt # database index file.
31new_certs_dir = $dir/newcerts # default place for new certs.
32
33certificate = $dir/cacert.pem # The CA certificate
34serial = $dir/serial # The current serial number
35private_key = $dir/private/cakey.pem# The private key
36
37default_days = 365 # how long to certify for
38default_md = sha256 # which md to use.
39preserve = no # keep passed DN ordering
40
41policy = policy_match
42
43# For the CA policy
44[ policy_match ]
45countryName = supplied
46stateOrProvinceName = supplied
47organizationName = supplied
48organizationalUnitName = optional
49commonName = supplied
50emailAddress = optional
51
52#----------------------------------------------------------------------
53[ req ]
54default_md = sha1
55distinguished_name = $ENV::TSDNSECT
56encrypt_rsa_key = no
57prompt = no
58# attributes = req_attributes
59x509_extensions = v3_ca # The extensions to add to the self signed cert
60
61string_mask = nombstr
62
63[ ts_ca_dn ]
64countryName = HU
65stateOrProvinceName = Budapest
66localityName = Budapest
67organizationName = Gov-CA Ltd.
68commonName = ca1
69
70[ ts_cert_dn ]
71countryName = HU
72stateOrProvinceName = Budapest
73localityName = Buda
74organizationName = Hun-TSA Ltd.
75commonName = tsa$ENV::INDEX
76
77[ tsa_cert ]
78
79# TSA server cert is not a CA cert.
80basicConstraints=CA:FALSE
81
82# The following key usage flags are needed for TSA server certificates.
83keyUsage = nonRepudiation, digitalSignature
84extendedKeyUsage = critical,timeStamping
85
86# PKIX recommendations harmless if included in all certificates.
87subjectKeyIdentifier=hash
88authorityKeyIdentifier=keyid,issuer:always
89
90[ non_tsa_cert ]
91
92# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
93basicConstraints=CA:FALSE
94
95# The following key usage flags are needed for TSA server certificates.
96keyUsage = nonRepudiation, digitalSignature
97# timeStamping is not supported by this certificate
98# extendedKeyUsage = critical,timeStamping
99
100# PKIX recommendations harmless if included in all certificates.
101subjectKeyIdentifier=hash
102authorityKeyIdentifier=keyid,issuer:always
103
104[ v3_req ]
105
106# Extensions to add to a certificate request
107basicConstraints = CA:FALSE
108keyUsage = nonRepudiation, digitalSignature
109
110[ v3_ca ]
111
112# Extensions for a typical CA
113
114subjectKeyIdentifier=hash
115authorityKeyIdentifier=keyid:always,issuer:always
116basicConstraints = critical,CA:true
117keyUsage = cRLSign, keyCertSign
118
119#----------------------------------------------------------------------
120[ tsa ]
121
122default_tsa = tsa_config1 # the default TSA section
123
124[ tsa_config1 ]
125
126# These are used by the TSA reply generation only.
127dir = . # TSA root directory
128serial = $dir/tsa_serial # The current serial number (mandatory)
129signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
130 # (optional)
131certs = $dir/tsaca.pem # Certificate chain to include in reply
132 # (optional)
133signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
134signer_digest = sha256 # Signing digest to use. (Optional)
135default_policy = tsa_policy1 # Policy if request did not specify it
136 # (optional)
137other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
138digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
139accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
140ordering = yes # Is ordering defined for timestamps?
141 # (optional, default: no)
142tsa_name = yes # Must the TSA name be included in the reply?
143 # (optional, default: no)
144ess_cert_id_chain = yes # Must the ESS cert id chain be included?
145 # (optional, default: no)
146ess_cert_id_alg = sha256 # algorithm to compute certificate
147 # identifier (optional, default: sha1)
148
149[ tsa_config2 ]
150
151# This configuration uses a certificate which doesn't have timeStamping usage.
152# These are used by the TSA reply generation only.
153dir = . # TSA root directory
154serial = $dir/tsa_serial # The current serial number (mandatory)
155signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
156 # (optional)
157certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
158 # (optional)
159signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
160signer_digest = sha256 # Signing digest to use. (Optional)
161default_policy = tsa_policy1 # Policy if request did not specify it
162 # (optional)
163other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
164digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette