OLD | NEW |
(Empty) | |
| 1 |
| 2 # |
| 3 # This config is used by the Time Stamp Authority tests. |
| 4 # |
| 5 |
| 6 RANDFILE = ./.rnd |
| 7 |
| 8 # Extra OBJECT IDENTIFIER info: |
| 9 oid_section = new_oids |
| 10 |
| 11 TSDNSECT = ts_cert_dn |
| 12 INDEX = 1 |
| 13 |
| 14 [ new_oids ] |
| 15 |
| 16 # Policies used by the TSA tests. |
| 17 tsa_policy1 = 1.2.3.4.1 |
| 18 tsa_policy2 = 1.2.3.4.5.6 |
| 19 tsa_policy3 = 1.2.3.4.5.7 |
| 20 |
| 21 #---------------------------------------------------------------------- |
| 22 [ ca ] |
| 23 default_ca = CA_default # The default ca section |
| 24 |
| 25 [ CA_default ] |
| 26 |
| 27 dir = ./demoCA |
| 28 certs = $dir/certs # Where the issued certs are kept |
| 29 database = $dir/index.txt # database index file. |
| 30 new_certs_dir = $dir/newcerts # default place for new certs. |
| 31 |
| 32 certificate = $dir/cacert.pem # The CA certificate |
| 33 serial = $dir/serial # The current serial number |
| 34 private_key = $dir/private/cakey.pem# The private key |
| 35 RANDFILE = $dir/private/.rand # private random number file |
| 36 |
| 37 default_days = 365 # how long to certify for |
| 38 default_md = sha1 # which md to use. |
| 39 preserve = no # keep passed DN ordering |
| 40 |
| 41 policy = policy_match |
| 42 |
| 43 # For the CA policy |
| 44 [ policy_match ] |
| 45 countryName = supplied |
| 46 stateOrProvinceName = supplied |
| 47 organizationName = supplied |
| 48 organizationalUnitName = optional |
| 49 commonName = supplied |
| 50 emailAddress = optional |
| 51 |
| 52 #---------------------------------------------------------------------- |
| 53 [ req ] |
| 54 default_bits = 1024 |
| 55 default_md = sha1 |
| 56 distinguished_name = $ENV::TSDNSECT |
| 57 encrypt_rsa_key = no |
| 58 prompt = no |
| 59 # attributes = req_attributes |
| 60 x509_extensions = v3_ca # The extentions to add to the self signed cert |
| 61 |
| 62 string_mask = nombstr |
| 63 |
| 64 [ ts_ca_dn ] |
| 65 countryName = HU |
| 66 stateOrProvinceName = Budapest |
| 67 localityName = Budapest |
| 68 organizationName = Gov-CA Ltd. |
| 69 commonName = ca1 |
| 70 |
| 71 [ ts_cert_dn ] |
| 72 countryName = HU |
| 73 stateOrProvinceName = Budapest |
| 74 localityName = Buda |
| 75 organizationName = Hun-TSA Ltd. |
| 76 commonName = tsa$ENV::INDEX |
| 77 |
| 78 [ tsa_cert ] |
| 79 |
| 80 # TSA server cert is not a CA cert. |
| 81 basicConstraints=CA:FALSE |
| 82 |
| 83 # The following key usage flags are needed for TSA server certificates. |
| 84 keyUsage = nonRepudiation, digitalSignature |
| 85 extendedKeyUsage = critical,timeStamping |
| 86 |
| 87 # PKIX recommendations harmless if included in all certificates. |
| 88 subjectKeyIdentifier=hash |
| 89 authorityKeyIdentifier=keyid,issuer:always |
| 90 |
| 91 [ non_tsa_cert ] |
| 92 |
| 93 # This is not a CA cert and not a TSA cert, either (timeStamping usage missing) |
| 94 basicConstraints=CA:FALSE |
| 95 |
| 96 # The following key usage flags are needed for TSA server certificates. |
| 97 keyUsage = nonRepudiation, digitalSignature |
| 98 # timeStamping is not supported by this certificate |
| 99 # extendedKeyUsage = critical,timeStamping |
| 100 |
| 101 # PKIX recommendations harmless if included in all certificates. |
| 102 subjectKeyIdentifier=hash |
| 103 authorityKeyIdentifier=keyid,issuer:always |
| 104 |
| 105 [ v3_req ] |
| 106 |
| 107 # Extensions to add to a certificate request |
| 108 basicConstraints = CA:FALSE |
| 109 keyUsage = nonRepudiation, digitalSignature |
| 110 |
| 111 [ v3_ca ] |
| 112 |
| 113 # Extensions for a typical CA |
| 114 |
| 115 subjectKeyIdentifier=hash |
| 116 authorityKeyIdentifier=keyid:always,issuer:always |
| 117 basicConstraints = critical,CA:true |
| 118 keyUsage = cRLSign, keyCertSign |
| 119 |
| 120 #---------------------------------------------------------------------- |
| 121 [ tsa ] |
| 122 |
| 123 default_tsa = tsa_config1 # the default TSA section |
| 124 |
| 125 [ tsa_config1 ] |
| 126 |
| 127 # These are used by the TSA reply generation only. |
| 128 dir = . # TSA root directory |
| 129 serial = $dir/tsa_serial # The current serial number (mandatory) |
| 130 signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate |
| 131 # (optional) |
| 132 certs = $dir/tsaca.pem # Certificate chain to include in reply |
| 133 # (optional) |
| 134 signer_key = $dir/tsa_key1.pem # The TSA private key (optional) |
| 135 |
| 136 default_policy = tsa_policy1 # Policy if request did not specify it |
| 137 # (optional) |
| 138 other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) |
| 139 digests = md5, sha1 # Acceptable message digests (mandatory) |
| 140 accuracy = secs:1, millisecs:500, microsecs:100 # (optional) |
| 141 ordering = yes # Is ordering defined for timestamps? |
| 142 # (optional, default: no) |
| 143 tsa_name = yes # Must the TSA name be included in the reply? |
| 144 # (optional, default: no) |
| 145 ess_cert_id_chain = yes # Must the ESS cert id chain be included? |
| 146 # (optional, default: no) |
| 147 |
| 148 [ tsa_config2 ] |
| 149 |
| 150 # This configuration uses a certificate which doesn't have timeStamping usage. |
| 151 # These are used by the TSA reply generation only. |
| 152 dir = . # TSA root directory |
| 153 serial = $dir/tsa_serial # The current serial number (mandatory) |
| 154 signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate |
| 155 # (optional) |
| 156 certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply |
| 157 # (optional) |
| 158 signer_key = $dir/tsa_key2.pem # The TSA private key (optional) |
| 159 |
| 160 default_policy = tsa_policy1 # Policy if request did not specify it |
| 161 # (optional) |
| 162 other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) |
| 163 digests = md5, sha1 # Acceptable message digests (mandatory) |
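Review bot: The cryptographic parameters in this new config are weak, and nothing in the file marks them as deliberate. `[ req ]` sets `default_bits = 1024` and `default_md = sha1` (new lines 54-55), `[ CA_default ]` also signs with `default_md = sha1` (line 38), and both `tsa_config1` and `tsa_config2` accept `digests = md5, sha1` (lines 139 and 163). That may be intentional for a test fixture, for example to keep key generation fast, but the header only says the file is used by the Time Stamp Authority tests, and files like this tend to be copied as a starting point for a real TSA. I would either raise the values to `default_bits = 2048` and `default_md = sha256` (assuming the targeted build supports them) and drop `md5` from `digests` if no test requests it, or add a header line such as `# Test-only values: 1024-bit RSA, SHA-1 and MD5 must not be used for a production TSA.` The same header note should cover `encrypt_rsa_key = no` (line 57), which leaves the generated private keys unencrypted on disk.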
OLD | NEW |