Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 9ed821d7e5d875a3395740a9cc2545671fa429b7 / . / ap / lib / libssl / openssl-1.1.1o / test / CAtsa.cnf
blob: d1642879be3baee737bc019b2f8e91ad4641ea02 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame^]1
2#
3# This config is used by the Time Stamp Authority tests.
4#
5
6RANDFILE = ./.rnd
7
8# Extra OBJECT IDENTIFIER info:
9oid_section = new_oids
10
11TSDNSECT = ts_cert_dn
12INDEX = 1
13
14[ new_oids ]
15
16# Policies used by the TSA tests.
17tsa_policy1 = 1.2.3.4.1
18tsa_policy2 = 1.2.3.4.5.6
19tsa_policy3 = 1.2.3.4.5.7
20
21#----------------------------------------------------------------------
22[ ca ]
23default_ca = CA_default # The default ca section
24
25[ CA_default ]
26
27dir = ./demoCA
28certs = $dir/certs # Where the issued certs are kept
29database = $dir/index.txt # database index file.
30new_certs_dir = $dir/newcerts # default place for new certs.
31
32certificate = $dir/cacert.pem # The CA certificate
33serial = $dir/serial # The current serial number
34private_key = $dir/private/cakey.pem# The private key
35RANDFILE = $dir/private/.rand # private random number file
36
37default_days = 365 # how long to certify for
38default_md = sha256 # which md to use.
39preserve = no # keep passed DN ordering
40
41policy = policy_match
42
43# For the CA policy
44[ policy_match ]
45countryName = supplied
46stateOrProvinceName = supplied
47organizationName = supplied
48organizationalUnitName = optional
49commonName = supplied
50emailAddress = optional
51
52#----------------------------------------------------------------------
53[ req ]
54default_bits = 2048
55default_md = sha1
56distinguished_name = $ENV::TSDNSECT
57encrypt_rsa_key = no
58prompt = no
59# attributes = req_attributes
60x509_extensions = v3_ca # The extensions to add to the self signed cert
61
62string_mask = nombstr
63
64[ ts_ca_dn ]
65countryName = HU
66stateOrProvinceName = Budapest
67localityName = Budapest
68organizationName = Gov-CA Ltd.
69commonName = ca1
70
71[ ts_cert_dn ]
72countryName = HU
73stateOrProvinceName = Budapest
74localityName = Buda
75organizationName = Hun-TSA Ltd.
76commonName = tsa$ENV::INDEX
77
78[ tsa_cert ]
79
80# TSA server cert is not a CA cert.
81basicConstraints=CA:FALSE
82
83# The following key usage flags are needed for TSA server certificates.
84keyUsage = nonRepudiation, digitalSignature
85extendedKeyUsage = critical,timeStamping
86
87# PKIX recommendations harmless if included in all certificates.
88subjectKeyIdentifier=hash
89authorityKeyIdentifier=keyid,issuer:always
90
91[ non_tsa_cert ]
92
93# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
94basicConstraints=CA:FALSE
95
96# The following key usage flags are needed for TSA server certificates.
97keyUsage = nonRepudiation, digitalSignature
98# timeStamping is not supported by this certificate
99# extendedKeyUsage = critical,timeStamping
100
101# PKIX recommendations harmless if included in all certificates.
102subjectKeyIdentifier=hash
103authorityKeyIdentifier=keyid,issuer:always
104
105[ v3_req ]
106
107# Extensions to add to a certificate request
108basicConstraints = CA:FALSE
109keyUsage = nonRepudiation, digitalSignature
110
111[ v3_ca ]
112
113# Extensions for a typical CA
114
115subjectKeyIdentifier=hash
116authorityKeyIdentifier=keyid:always,issuer:always
117basicConstraints = critical,CA:true
118keyUsage = cRLSign, keyCertSign
119
120#----------------------------------------------------------------------
121[ tsa ]
122
123default_tsa = tsa_config1 # the default TSA section
124
125[ tsa_config1 ]
126
127# These are used by the TSA reply generation only.
128dir = . # TSA root directory
129serial = $dir/tsa_serial # The current serial number (mandatory)
130signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
131 # (optional)
132certs = $dir/tsaca.pem # Certificate chain to include in reply
133 # (optional)
134signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
135signer_digest = sha256 # Signing digest to use. (Optional)
136default_policy = tsa_policy1 # Policy if request did not specify it
137 # (optional)
138other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
139digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
140accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
141ordering = yes # Is ordering defined for timestamps?
142 # (optional, default: no)
143tsa_name = yes # Must the TSA name be included in the reply?
144 # (optional, default: no)
145ess_cert_id_chain = yes # Must the ESS cert id chain be included?
146 # (optional, default: no)
147ess_cert_id_alg = sha256 # algorithm to compute certificate
148 # identifier (optional, default: sha1)
149
150[ tsa_config2 ]
151
152# This configuration uses a certificate which doesn't have timeStamping usage.
153# These are used by the TSA reply generation only.
154dir = . # TSA root directory
155serial = $dir/tsa_serial # The current serial number (mandatory)
156signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
157 # (optional)
158certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
159 # (optional)
160signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
161signer_digest = sha256 # Signing digest to use. (Optional)
162default_policy = tsa_policy1 # Policy if request did not specify it
163 # (optional)
164other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
165digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)