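#
# aleksey-xkms-01 OpenSSL configuration file.
#
# Test-fixture configuration: a small CA ([ ca ] / [ CA_default ]) plus the
# certificate-request defaults ([ req ]) for the aleksey-xkms-01 key set.
# NOTE(review): several values below (sha1, 1024-bit keys, a fixed
# passphrase, 3650-day validity) are only acceptable for throwaway test
# material; this file is not a template for a production CA.

# Environment variables:
#       CA_TOP          - the CA folder (./demoCA)
#       CERT_NAME       - the currently generated certificate name ("")
#
# NOTE(review): only HOME gets an in-file fallback below. No default for
# CA_TOP or CERT_NAME is defined here, so the caller presumably exports both;
# OpenSSL reports an error when a referenced $ENV:: variable has no value.

# This definition stops the following lines choking if HOME isn't
# defined.
HOME                            = .
RANDFILE                        = $ENV::HOME/.rnd

[ ca ]
default_ca                      = CA_default            # The default ca section

[ CA_default ]
dir                             = $ENV::CA_TOP          # Where everything is kept
certs                           = $dir/certs            # Where the issued certs are kept
crl_dir                         = $dir/crl              # Where the issued crl are kept
database                        = $dir/index.txt        # database index file.
new_certs_dir                   = $dir/newcerts         # default place for new certs.

# NOTE(review): unlike the entries above, the CA certificate and private key
# are not under $dir; these relative names depend on the working directory
# the openssl command is run from.
certificate                     = cert1.pem             # The CA certificate
private_key                     = key1.pem              # The private key
serial                          = $dir/serial           # The current serial number
crl                             = $dir/crl.pem          # The current CRL
RANDFILE                        = $dir/private/.rand    # private random number file

x509_extensions                 = usr_cert              # The extensions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt                        = ca_default            # Subject Name options
cert_opt                        = ca_default            # Certificate field options

# NOTE(review): 3650 days is roughly ten years of validity per issued
# certificate; fine for fixtures that must not expire mid-test, far too long
# for real end-entity certificates.
default_days                    = 3650                  # how long to certify for
default_crl_days                = 30                    # how long before next CRL
# NOTE(review): SHA-1 is no longer collision-resistant, and certificates
# signed with it may be rejected by current verifiers. Kept as-is because
# changing the digest changes every certificate regenerated from this file.
default_md                      = sha1                  # which md to use.
preserve                        = no                    # keep passed DN ordering

policy                          = policy_match

# Policy selected by "policy" above: country, state and organization in the
# request must match the CA certificate, and commonName must be present.
[ policy_match ]
countryName                     = match
stateOrProvinceName             = match
organizationName                = match
organizationalUnitName          = optional
commonName                      = supplied
emailAddress                    = optional

# Looser alternative: only commonName is required. No key in this file
# references this section.
[ policy_anything ]
countryName                     = optional
stateOrProvinceName             = optional
localityName                    = optional
organizationName                = optional
organizationalUnitName          = optional
commonName                      = supplied
emailAddress                    = optional

####################################################################
[ req ]
# NOTE(review): 1024-bit keys are below the 2048-bit minimum in current
# guidance; tolerable only for test keys.
default_bits                    = 1024
default_keyfile                 = privkey.pem
distinguished_name              = req_distinguished_name
attributes                      = req_attributes
# Extensions applied when the req command creates a self-signed certificate.
x509_extensions                 = v3_ca
# NOTE(review): the passphrase used to read and write private keys is stored
# here in plain text. Any key protected by it must be treated as a public
# test key and never trusted outside the test suite.
input_password                  = secret
output_password                 = secret
string_mask                     = nombstr

# Prompts and defaults for the subject DN. The organizational unit defaults
# to CERT_NAME, so each generated certificate carries its own name there.
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = US
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = California
localityName                    = Locality Name (eg, city)
localityName_default            = Sunnyvale
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = XML Security Library
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = $ENV::CERT_NAME
commonName                      = Common Name (eg, your name or your server\'s hostname)
commonName_default              = http://www.aleksey.com/xmlsec
emailAddress                    = Email Address
emailAddress_default            = xmlsec@aleksey.com

# Empty: no request attributes are defined.
[ req_attributes ]

# End-entity extension set.
# NOTE(review): no key in this file references this section; presumably it is
# selected on the command line. Confirm against the generating script.
[ v3_req ]
basicConstraints                = CA:FALSE
keyUsage                        = nonRepudiation, digitalSignature, keyEncipherment
nsComment                       = $ENV::CERT_NAME

# Extensions for CA certificates (referenced by x509_extensions in [ req ]).
# NOTE(review): basicConstraints is not marked critical and no keyUsage is
# set; RFC 5280 expects "critical" on basicConstraints in CA certificates.
[ v3_ca ]
basicConstraints                = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always
nsComment                       = $ENV::CERT_NAME

# Extensions added to certificates issued by the CA (referenced by
# x509_extensions in [ CA_default ]).
[ usr_cert ]
basicConstraints                = CA:FALSE
nsCertType                      = client, email, objsign
keyUsage                        = nonRepudiation, digitalSignature, keyEncipherment
nsComment                       = $ENV::CERT_NAME
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid,issuer:always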