# OID alias: binds the short name pkkdcekuoid to 1.3.6.1.5.2.3.5, which is
# id-pkinit-KPKdc (RFC 4556), the extended key usage that identifies a PKINIT
# KDC certificate. An extendedKeyUsage line further down in this file refers
# to the alias by name.
4 pkkdcekuoid = 1.3.6.1.5.2.3.5
# One x509_extensions line per issuing profile: each names the extension
# section applied to certificates issued through that profile. The section
# headers that enclose these lines are not part of this listing.
# The profile chosen at signing time decides what the certificate can be used
# for, so the signing command line is the control point to review.
# NOTE(review): judging by the names and the extension sets visible later in
# the file, the usr_cert* and https_cert sets are end-entity profiles, the
# pkinit_* sets bind a Kerberos identity, and v3_ca produces a CA-capable
# certificate. Confirm against the full file.
13 x509_extensions = usr_cert
21 x509_extensions = ocsp_cert
29 x509_extensions = usr_cert_ke
37 x509_extensions = usr_cert_ds
45 x509_extensions = pkinit_client_cert
53 x509_extensions = pkinit_kdc_cert
61 x509_extensions = https_cert
69 x509_extensions = v3_ca
# Request settings: subject prompts come from the req_distinguished_name
# section, and a self-signed certificate receives the v3_ca extension set.
76 distinguished_name = req_distinguished_name
77 x509_extensions = v3_ca # The extensions to add to the self-signed cert
# utf8only restricts generated string fields to UTF8String.
79 string_mask = utf8only
# NOTE(review): these four lines look like the v3_ca extension set (its
# section header is not part of this listing). Confirm against the full file.
83 subjectKeyIdentifier=hash
# "always" makes issuance fail if the key id or issuer/serial cannot be copied
# from the issuing certificate.
84 authorityKeyIdentifier=keyid:always,issuer:always
# CA:true allows the certificate to issue other certificates. The extension is
# not marked critical and sets no pathlen, so nothing here limits chain depth.
85 basicConstraints = CA:true
# keyCertSign and cRLSign are the usages a CA needs for issuing. The other
# three also allow the CA key to act as an ordinary signing/encryption key.
# That is tolerable for a test CA (the realm used in this file is TEST.H5L.SE).
# A CA that must be trusted would normally keep only keyCertSign and cRLSign
# and mark both keyUsage and basicConstraints critical.
86 keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
# Three end-entity extension sets follow. Their section headers are not part
# of this listing, so each set is described by what it contains.
#
# Set 1: non-CA certificate usable for signing and for key encipherment.
89 basicConstraints=CA:FALSE
90 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
91 subjectKeyIdentifier = hash
# Set 2: non-CA certificate without digitalSignature, i.e. restricted to key
# encipherment (plus nonRepudiation).
# NOTE(review): presumably the usr_cert_ke profile. Confirm.
94 basicConstraints=CA:FALSE
95 keyUsage = nonRepudiation, keyEncipherment
96 subjectKeyIdentifier = hash
# Set 3: proxy certificate (RFC 3820). proxyCertInfo is critical, so a
# validator that does not understand proxy certificates must reject it.
# pathlen:0 means this proxy may not issue further proxy certificates.
# The policy text "foo" is a placeholder with no defined meaning.
99 basicConstraints=CA:FALSE
100 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
101 subjectKeyIdentifier = hash
102 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
# ASN.1 description of a Kerberos principal name: realm in explicit tag 0,
# principal name in explicit tag 1.
# NOTE(review): presumably the body of the pkinitc_princ_name section that the
# subjectAltName line below refers to (header not in this listing). Confirm.
105 realm = EXP:0, GeneralString:TEST.H5L.SE
106 principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
# PKINIT client profile. The subjectAltName is an otherName of type
# 1.3.6.1.5.2.2 (id-pkinit-san, RFC 4556) carrying the Kerberos principal the
# certificate authenticates as. A KDC that trusts this CA will accept the
# holder as that principal, so access to the CA key and to this profile
# determines who can obtain tickets for the named identity.
# No extendedKeyUsage is set in this section. Validators that require the
# PKINIT client EKU (id-pkinit-KPClientAuth) would not accept the certificate.
108 [ pkinit_client_cert ]
109 basicConstraints=CA:FALSE
110 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
111 subjectKeyIdentifier = hash
112 subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
# PrincipalName structure: name-type 1 is NT-PRINCIPAL in Kerberos, and
# name_string points at the list of name components.
114 [pkinitc_principal_seq]
115 name_type = EXP:0, INTEGER:1
116 name_string = EXP:1, SEQUENCE:pkinitc_principals
# NOTE(review): presumably the only entry of pkinitc_principals (header not in
# this listing), which would make the client principal bar@TEST.H5L.SE.
# Confirm.
119 princ1 = GeneralString:bar
# NOTE(review): presumably the https_cert extension set (section header not in
# this listing). Confirm.
# Non-CA certificate for signing and key encipherment.
122 basicConstraints=CA:FALSE
123 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# extendedKeyUsage is disabled, so the certificate carries no EKU and is not
# restricted to TLS server authentication. "https-server" is not a purpose name
# OpenSSL defines; the standard name for that purpose is serverAuth.
124 #extendedKeyUsage = https-server XXX
125 subjectKeyIdentifier = hash
# NOTE(review): presumably the pkinit_kdc_cert extension set (section header
# not in this listing). Confirm.
# KDC certificate for PKINIT. extendedKeyUsage uses the pkkdcekuoid alias
# (1.3.6.1.5.2.3.5, id-pkinit-KPKdc) and the subjectAltName carries the KDC's
# principal as an id-pkinit-san otherName. PKINIT clients rely on these two
# fields to decide that the peer is an authorised KDC for the realm, so
# issuance under this profile needs tighter control than ordinary end-entity
# certificates.
128 basicConstraints=CA:FALSE
129 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
130 extendedKeyUsage = pkkdcekuoid
131 subjectKeyIdentifier = hash
132 subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name
# Kerberos principal name for the KDC: realm in explicit tag 0, principal name
# in explicit tag 1.
134 [pkinitkdc_princ_name]
135 realm = EXP:0, GeneralString:TEST.H5L.SE
136 principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
# PrincipalName structure: name-type 1 (NT-PRINCIPAL) plus the list of name
# components.
138 [pkinitkdc_principal_seq]
139 name_type = EXP:0, INTEGER:1
140 name_string = EXP:1, SEQUENCE:pkinitkdc_principals
# Two components, krbtgt and TEST.H5L.SE, i.e. the ticket-granting service
# principal krbtgt/TEST.H5L.SE in realm TEST.H5L.SE.
142 [pkinitkdc_principals]
143 princ1 = GeneralString:krbtgt
144 princ2 = GeneralString:TEST.H5L.SE
# Proxy certificate set (RFC 3820) with pathlen:10, so a holder may delegate
# through up to ten further proxy certificates. Compare the pathlen:0 proxy set
# earlier in this file, which forbids further delegation. The section header
# is not part of this listing.
# The policy text "foo" is a placeholder with no defined meaning.
147 basicConstraints=CA:FALSE
148 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
149 subjectKeyIdentifier = hash
150 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
# Signature-only end-entity set: keyEncipherment is omitted.
# NOTE(review): presumably the usr_cert_ds profile (header not in this
# listing). Confirm.
153 basicConstraints=CA:FALSE
154 keyUsage = nonRepudiation, digitalSignature
155 subjectKeyIdentifier = hash
# NOTE(review): presumably the ocsp_cert extension set (section header not in
# this listing). Confirm.
# Non-CA certificate intended for signing OCSP responses.
158 basicConstraints=CA:FALSE
159 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# 1.3.6.1.5.5.7.48.1.5 is id-pkix-ocsp-nocheck and 1.3.6.1.5.5.7.3.9 is
# id-kp-OCSPSigning.
# NOTE(review): ocsp-nocheck is defined in RFC 6960 as a certificate extension
# of its own, not as a key purpose. Listing its OID inside extendedKeyUsage
# does not create that extension, so a relying party that looks for it will
# not find it here. OpenSSL emits the real extension with "noCheck = ignored".
# Confirm whether the consumers of these certificates depend on the current
# encoding before changing it.
160 # ocsp-nocheck and kp-OCSPSigning
161 extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
162 subjectKeyIdentifier = hash
# Subject-name prompts used when generating a request. The value of each key
# is the prompt text, and a _default key supplies the default answer.
164 [ req_distinguished_name ]
165 countryName = Country Name (2 letter code)
166 countryName_default = SE
# NOTE(review): the prompt says "Organizational Unit Name" but the key is
# organizationalName. The attribute names OpenSSL defines are organizationName
# (O) and organizationalUnitName (OU), so this key may not map to any subject
# attribute. Confirm which one was intended.
170 organizationalName = Organizational Unit Name (eg, section)
172 commonName = Common Name (eg, YOUR name)
# Challenge-password request attribute is disabled.
176 #challengePassword = A challenge password
177 #challengePassword_min = 4
178 #challengePassword_max = 20
# NOTE(review): "supplied" is a CA policy value, so this line presumably
# belongs to a policy section whose header is not in this listing. It requires
# the request to carry a commonName. Confirm.
182 commonName = supplied