The tests only cover the correct handling of the codesigning purpose in the certificates in the context of the cms command line tool. The interpretation of the certificate purpose is tested in the context of the "verify" app. The correct handling of the cms objects is tested by other tests in 80-test_cms.t. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
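#
# OpenSSL example configuration file for automated certificate creation.
#

# Treat errors in this configuration as failures, so that a broken test
# setup is noticed instead of silently producing different certificates.
# Comment out the next line to ignore configuration errors
config_diagnostics = 1

# This definition stops the following lines choking if HOME or CN
# is undefined.
# CN is read further down as $ENV::CN; the value here is the fallback
# that ends up in the subject when the calling script did not export CN.
HOME = .
CN = "Not Defined"
# Name of the section the 'ca' command takes its settings from.
# NOTE(review): no [ ca ] section is visible in this file - confirm where
# it is supplied before relying on 'ca' with this configuration alone.
default_ca = ca

####################################################################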
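[ req ]
# Settings for the 'req' command: key generation defaults and which
# sections supply the subject name and the certificate extensions.

# Key size in bits used when 'req' generates a new key.
default_bits = 2048
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
# Self-signed certificates created from this file get the [ v3_ca ]
# extensions, i.e. they are CA certificates (CA:true, keyCertSign).
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only

# Disabled: no extensions are placed in certificate requests; the
# extensions are chosen on the signing side from the sections below.
# req_extensions = v3_req # The extensions to add to a certificate request
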
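[ req_distinguished_name ]
# Subject name fields, used as given because [ req ] sets prompt = no.

# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB;
# "UK" is kept as written - presumably only a test fixture value, confirm.
countryName = UK

organizationName = OpenSSL Group
# Take CN from environment so it can come from a script.
commonName = $ENV::CN
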
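[ usr_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# certificate

# Critical CA:FALSE: the certificate must not be accepted as an issuer.
basicConstraints=critical, CA:FALSE
# Critical key usage; no extendedKeyUsage is set in this section,
# unlike [ codesign_cert ].
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment

# PKIX recommendations harmless if included in all certificates.
# 'hash' derives the subject key identifier from the public key.
subjectKeyIdentifier=hash
# 'keyid' without ':always' copies the issuer's key identifier when it
# is available and does not fail when it is not.
authorityKeyIdentifier=keyid
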
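[ dh_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# DH certificate

# Critical CA:FALSE: the certificate must not be accepted as an issuer.
basicConstraints=critical, CA:FALSE
# Key agreement only: no signature usage is granted to this key.
keyUsage=critical, keyAgreement

# PKIX recommendations harmless if included in all certificates.
# 'hash' derives the subject key identifier from the public key.
subjectKeyIdentifier=hash
# 'keyid' without ':always' copies the issuer's key identifier when it
# is available and does not fail when it is not.
authorityKeyIdentifier=keyid
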
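[ codesign_cert ]

# These extensions are added when 'ca' signs a request for a code-signing
# end-entity certificate

# CA:FALSE is not marked critical here, unlike [ usr_cert ] and [ dh_cert ].
basicConstraints=CA:FALSE
# Signing only, marked critical; no key encipherment or key agreement.
keyUsage=critical, digitalSignature
# Restricts the certificate to the code-signing purpose; the extension
# itself is not marked critical.
# NOTE(review): this section sets no subjectKeyIdentifier or
# authorityKeyIdentifier, unlike the other end-entity sections - confirm
# that is intended.
extendedKeyUsage=codeSigning
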
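[ v3_ca ]

# Extensions for a typical CA
# Applied to self-signed certificates through x509_extensions in [ req ].

# PKIX recommendation.

# 'hash' derives the subject key identifier from the public key.
subjectKeyIdentifier=hash
# ':always' makes the key identifier mandatory: creating the certificate
# fails if it cannot be included.
authorityKeyIdentifier=keyid:always
# No pathlen is given, so the depth of subordinate CAs below this
# certificate is not limited by this extension.
basicConstraints = critical,CA:true
# Limited to signing certificates and CRLs.
keyUsage = critical, cRLSign, keyCertSign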