Blame - test/CAtsa.cnf - third_party/openssl

blob: ab2f84aa0feb0ca5432ab44402de6e892aab0f18 [file] [log] [blame]

Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	1
				2	#
				3	# This config is used by the Time Stamp Authority tests.
				4	#
				5
Richard Levitte	2d851ab	2010-01-25 00:22:57 +0000	[diff] [blame]	6	RANDFILE = ./.rnd
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	7
				8	# Extra OBJECT IDENTIFIER info:
				9	oid_section = new_oids
				10
Dr. Stephen Henson	cf32ad7	2006-11-07 16:21:16 +0000	[diff] [blame]	11	TSDNSECT = ts_cert_dn
				12	INDEX = 1
				13
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	14	[ new_oids ]
				15
				16	# Policies used by the TSA tests.
				17	tsa_policy1 = 1.2.3.4.1
				18	tsa_policy2 = 1.2.3.4.5.6
				19	tsa_policy3 = 1.2.3.4.5.7
				20
				21	#----------------------------------------------------------------------
				22	[ ca ]
				23	default_ca = CA_default # The default ca section
				24
				25	[ CA_default ]
				26
				27	dir = ./demoCA
				28	certs = $dir/certs # Where the issued certs are kept
				29	database = $dir/index.txt # database index file.
				30	new_certs_dir = $dir/newcerts # default place for new certs.
				31
				32	certificate = $dir/cacert.pem # The CA certificate
				33	serial = $dir/serial # The current serial number
				34	private_key = $dir/private/cakey.pem# The private key
				35	RANDFILE = $dir/private/.rand # private random number file
				36
				37	default_days = 365 # how long to certify for
Dr. Stephen Henson	2cc7acd	2015-11-19 15:50:15 +0000	[diff] [blame]	38	default_md = sha256 # which md to use.
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	39	preserve = no # keep passed DN ordering
				40
				41	policy = policy_match
				42
				43	# For the CA policy
				44	[ policy_match ]
				45	countryName = supplied
				46	stateOrProvinceName = supplied
				47	organizationName = supplied
				48	organizationalUnitName = optional
				49	commonName = supplied
				50	emailAddress = optional
				51
				52	#----------------------------------------------------------------------
				53	[ req ]
Rich Salz	fec6693	2015-04-20 07:23:04 -0400	[diff] [blame]	54	default_bits = 2048
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	55	default_md = sha1
Dr. Stephen Henson	cf32ad7	2006-11-07 16:21:16 +0000	[diff] [blame]	56	distinguished_name = $ENV::TSDNSECT
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	57	encrypt_rsa_key = no
Dr. Stephen Henson	cf32ad7	2006-11-07 16:21:16 +0000	[diff] [blame]	58	prompt = no
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	59	# attributes = req_attributes
Veres Lajos	478b50c	2013-06-13 00:22:32 +0100	[diff] [blame]	60	x509_extensions = v3_ca # The extensions to add to the self signed cert
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	61
				62	string_mask = nombstr
				63
Dr. Stephen Henson	cf32ad7	2006-11-07 16:21:16 +0000	[diff] [blame]	64	[ ts_ca_dn ]
				65	countryName = HU
				66	stateOrProvinceName = Budapest
				67	localityName = Budapest
				68	organizationName = Gov-CA Ltd.
				69	commonName = ca1
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	70
Dr. Stephen Henson	cf32ad7	2006-11-07 16:21:16 +0000	[diff] [blame]	71	[ ts_cert_dn ]
				72	countryName = HU
				73	stateOrProvinceName = Budapest
				74	localityName = Buda
				75	organizationName = Hun-TSA Ltd.
				76	commonName = tsa$ENV::INDEX
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	77
				78	[ tsa_cert ]
				79
				80	# TSA server cert is not a CA cert.
				81	basicConstraints=CA:FALSE
				82
				83	# The following key usage flags are needed for TSA server certificates.
				84	keyUsage = nonRepudiation, digitalSignature
				85	extendedKeyUsage = critical,timeStamping
				86
				87	# PKIX recommendations harmless if included in all certificates.
				88	subjectKeyIdentifier=hash
				89	authorityKeyIdentifier=keyid,issuer:always
				90
				91	[ non_tsa_cert ]
				92
				93	# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
				94	basicConstraints=CA:FALSE
				95
				96	# The following key usage flags are needed for TSA server certificates.
				97	keyUsage = nonRepudiation, digitalSignature
				98	# timeStamping is not supported by this certificate
				99	# extendedKeyUsage = critical,timeStamping
				100
				101	# PKIX recommendations harmless if included in all certificates.
				102	subjectKeyIdentifier=hash
				103	authorityKeyIdentifier=keyid,issuer:always
				104
				105	[ v3_req ]
				106
				107	# Extensions to add to a certificate request
				108	basicConstraints = CA:FALSE
				109	keyUsage = nonRepudiation, digitalSignature
				110
				111	[ v3_ca ]
				112
				113	# Extensions for a typical CA
				114
				115	subjectKeyIdentifier=hash
				116	authorityKeyIdentifier=keyid:always,issuer:always
				117	basicConstraints = critical,CA:true
				118	keyUsage = cRLSign, keyCertSign
				119
				120	#----------------------------------------------------------------------
				121	[ tsa ]
				122
				123	default_tsa = tsa_config1 # the default TSA section
				124
				125	[ tsa_config1 ]
				126
				127	# These are used by the TSA reply generation only.
				128	dir = . # TSA root directory
				129	serial = $dir/tsa_serial # The current serial number (mandatory)
				130	signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
				131	# (optional)
Dr. Stephen Henson	cf32ad7	2006-11-07 16:21:16 +0000	[diff] [blame]	132	certs = $dir/tsaca.pem # Certificate chain to include in reply
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	133	# (optional)
				134	signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
Dr. Stephen Henson	2cc7acd	2015-11-19 15:50:15 +0000	[diff] [blame]	135	signer_digest = sha256 # Signing digest to use. (Optional)
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	136	default_policy = tsa_policy1 # Policy if request did not specify it
				137	# (optional)
				138	other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
Dr. Stephen Henson	2cc7acd	2015-11-19 15:50:15 +0000	[diff] [blame]	139	digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	140	accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
				141	ordering = yes # Is ordering defined for timestamps?
				142	# (optional, default: no)
				143	tsa_name = yes # Must the TSA name be included in the reply?
				144	# (optional, default: no)
				145	ess_cert_id_chain = yes # Must the ESS cert id chain be included?
				146	# (optional, default: no)
				147
				148	[ tsa_config2 ]
				149
				150	# This configuration uses a certificate which doesn't have timeStamping usage.
				151	# These are used by the TSA reply generation only.
				152	dir = . # TSA root directory
				153	serial = $dir/tsa_serial # The current serial number (mandatory)
				154	signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
				155	# (optional)
				156	certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
				157	# (optional)
				158	signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
Dr. Stephen Henson	2cc7acd	2015-11-19 15:50:15 +0000	[diff] [blame]	159	signer_digest = sha256 # Signing digest to use. (Optional)
Ulf Möller	8573552	2006-02-12 23:19:25 +0000	[diff] [blame]	160	default_policy = tsa_policy1 # Policy if request did not specify it
				161	# (optional)
				162	other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
Dr. Stephen Henson	2cc7acd	2015-11-19 15:50:15 +0000	[diff] [blame]	163	digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)