Context Navigation

CAtsa.cnf

Last change on this file was 104078, checked in by vboxsync, 2 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 4.9 KB

Line
1
2	#
3	# This config is used by the Time Stamp Authority tests.
4	#
5
6	# Comment out the next line to ignore configuration errors
7	config_diagnostics = 1
8
9	# Extra OBJECT IDENTIFIER info:
10	oid_section = new_oids
11
12	TSDNSECT = ts_cert_dn
13	INDEX = 1
14
15	[ new_oids ]
16
17	# Policies used by the TSA tests.
18	tsa_policy1 = 1.2.3.4.1
19	tsa_policy2 = 1.2.3.4.5.6
20	tsa_policy3 = 1.2.3.4.5.7
21
22	#----------------------------------------------------------------------
23	[ ca ]
24	default_ca = CA_default # The default ca section
25
26	[ CA_default ]
27
28	dir = ./demoCA
29	certs = $dir/certs # Where the issued certs are kept
30	database = $dir/index.txt # database index file.
31	new_certs_dir = $dir/newcerts # default place for new certs.
32
33	certificate = $dir/cacert.pem # The CA certificate
34	serial = $dir/serial # The current serial number
35	private_key = $dir/private/cakey.pem# The private key
36
37	default_days = 365 # how long to certify for
38	default_md = sha256 # which md to use.
39	preserve = no # keep passed DN ordering
40
41	policy = policy_match
42
43	# For the CA policy
44	[ policy_match ]
45	countryName = supplied
46	stateOrProvinceName = supplied
47	organizationName = supplied
48	organizationalUnitName = optional
49	commonName = supplied
50	emailAddress = optional
51
52	#----------------------------------------------------------------------
53	[ req ]
54	default_md = sha1
55	distinguished_name = $ENV::TSDNSECT
56	encrypt_rsa_key = no
57	prompt = no
58	# attributes = req_attributes
59	x509_extensions = v3_ca # The extensions to add to the self signed cert
60
61	string_mask = nombstr
62
63	[ ts_ca_dn ]
64	countryName = HU
65	stateOrProvinceName = Budapest
66	localityName = Budapest
67	organizationName = Gov-CA Ltd.
68	commonName = ca1
69
70	[ ts_cert_dn ]
71	countryName = HU
72	stateOrProvinceName = Budapest
73	localityName = Buda
74	organizationName = Hun-TSA Ltd.
75	commonName = tsa$ENV::INDEX
76
77	[ tsa_cert ]
78
79	# TSA server cert is not a CA cert.
80	basicConstraints=CA:FALSE
81
82	# The following key usage flags are needed for TSA server certificates.
83	keyUsage = nonRepudiation, digitalSignature
84	extendedKeyUsage = critical,timeStamping
85
86	# PKIX recommendations harmless if included in all certificates.
87	subjectKeyIdentifier=hash
88	authorityKeyIdentifier=keyid,issuer:always
89
90	[ non_tsa_cert ]
91
92	# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
93	basicConstraints=CA:FALSE
94
95	# The following key usage flags are needed for TSA server certificates.
96	keyUsage = nonRepudiation, digitalSignature
97	# timeStamping is not supported by this certificate
98	# extendedKeyUsage = critical,timeStamping
99
100	# PKIX recommendations harmless if included in all certificates.
101	subjectKeyIdentifier=hash
102	authorityKeyIdentifier=keyid,issuer:always
103
104	[ v3_req ]
105
106	# Extensions to add to a certificate request
107	basicConstraints = CA:FALSE
108	keyUsage = nonRepudiation, digitalSignature
109
110	[ v3_ca ]
111
112	# Extensions for a typical CA
113
114	subjectKeyIdentifier=hash
115	authorityKeyIdentifier=keyid:always,issuer:always
116	basicConstraints = critical,CA:true
117	keyUsage = cRLSign, keyCertSign
118
119	#----------------------------------------------------------------------
120	[ tsa ]
121
122	default_tsa = tsa_config1 # the default TSA section
123
124	[ tsa_config1 ]
125
126	# These are used by the TSA reply generation only.
127	dir = . # TSA root directory
128	serial = $dir/tsa_serial # The current serial number (mandatory)
129	signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
130	# (optional)
131	certs = $dir/tsaca.pem # Certificate chain to include in reply
132	# (optional)
133	signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
134	signer_digest = sha256 # Signing digest to use. (Optional)
135	default_policy = tsa_policy1 # Policy if request did not specify it
136	# (optional)
137	other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
138	digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
139	accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
140	ordering = yes # Is ordering defined for timestamps?
141	# (optional, default: no)
142	tsa_name = yes # Must the TSA name be included in the reply?
143	# (optional, default: no)
144	ess_cert_id_chain = yes # Must the ESS cert id chain be included?
145	# (optional, default: no)
146	ess_cert_id_alg = sha256 # algorithm to compute certificate
147	# identifier (optional, default: sha1)
148
149	[ tsa_config2 ]
150
151	# This configuration uses a certificate which doesn't have timeStamping usage.
152	# These are used by the TSA reply generation only.
153	dir = . # TSA root directory
154	serial = $dir/tsa_serial # The current serial number (mandatory)
155	signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
156	# (optional)
157	certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
158	# (optional)
159	signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
160	signer_digest = sha256 # Signing digest to use. (Optional)
161	default_policy = tsa_policy1 # Policy if request did not specify it
162	# (optional)
163	other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
164	digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format