openssl/test/ca-and-certs.cnf
Rich Salz 4e6e57cfcd Cleanup cert config files for tests
Merge test/P[12]ss.cnf into one config file
Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf
Remove Netscape cert extensions, add keyUsage comment from some cnf files

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)
2020-06-03 09:56:56 +02:00

91 lines
2.2 KiB
INI

CN2 = Brother 2
####################################################################
[ req ]
default_bits = 2048
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
default_md = sha1
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = AU
organizationName = Organization Name (eg, company)
organizationName_value = Dodgy Brothers
commonName = Common Name (eg, YOUR name)
commonName_value = Dodgy CA
####################################################################
[ userreq ]
default_bits = 2048
default_keyfile = keySS.pem
distinguished_name = user_dn
encrypt_rsa_key = no
default_md = sha256
prompt = no
[ user_dn ]
countryName = AU
organizationName = Dodgy Brothers
0.commonName = Brother 1
1.commonName = $ENV::CN2
[ v3_ee ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ee_dsa ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature
[ v3_ee_ec ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyAgreement
####################################################################
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
x509_extensions = v3_ca
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days= 30
default_md = sha1
preserve = no
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true,pathlen:1
keyUsage = cRLSign, keyCertSign
issuerAltName = issuer:copy