CyberLeo.Net >> Repos - FreeBSD/releng/9.2.git/blob - crypto/heimdal/lib/hx509/data/openssl.cnf
- Copy stable/9 to releng/9.2 as part of the 9.2-RELEASE cycle.
# oid_section names the section whose entries register extra short names
# for object identifiers; later sections can then use the short name in
# place of the dotted OID.
1 oid_section             = new_oids
2
3 [ new_oids ]
# 1.3.6.1.5.2.3.5 is id-pkinit-KPKdc (RFC 4556), the extended key usage
# that marks a certificate as belonging to a PKINIT KDC. It is referenced
# by name from [ pkinit_kdc_cert ].
4 pkkdcekuoid = 1.3.6.1.5.2.3.5
5
# Defaults for `openssl ca`.
6 [ca]
7
# NOTE(review): default_ca points at "user", but no [user] section is
# visible in this file; the closest name is [usr]. Unless every caller
# names a CA section explicitly, this default does not resolve to a
# profile. Confirm against the scripts that consume this file.
8 default_ca = user
9
# CA profiles. Each section below is a separate `openssl ca` configuration;
# they differ only in the x509_extensions section applied to the issued
# certificate. All of them share one index.txt / serial pair through
# relative paths, so the files are resolved against the directory openssl
# is started from, and all of them use the [ policy_match ] DN policy.
#
# SECURITY: default_md=sha1 makes every profile sign with SHA-1. SHA-1 has
# practical collision attacks and is rejected by many current verifiers.
# That is tolerable only for throwaway test fixtures; anything that is
# actually trusted should be issued with sha256 or stronger.

# General end-entity certificate (extensions: [ usr_cert ]).
10 [usr]
11 database        = index.txt
12 serial          = serial
13 x509_extensions = usr_cert
14 default_md=sha1
15 policy          = policy_match
16 certs           = .
17
# OCSP responder certificate (extensions: [ ocsp_cert ]).
18 [ocsp]
19 database        = index.txt
20 serial          = serial
21 x509_extensions = ocsp_cert
22 default_md=sha1
23 policy          = policy_match
24 certs           = .
25
# End-entity certificate limited to key encipherment (extensions: [ usr_cert_ke ]).
26 [usr_ke]
27 database        = index.txt
28 serial          = serial
29 x509_extensions = usr_cert_ke
30 default_md=sha1
31 policy          = policy_match
32 certs           = .
33
# End-entity certificate limited to digital signature (extensions: [ usr_cert_ds ]).
34 [usr_ds]
35 database        = index.txt
36 serial          = serial
37 x509_extensions = usr_cert_ds
38 default_md=sha1
39 policy          = policy_match
40 certs           = .
41
# PKINIT client certificate (extensions: [ pkinit_client_cert ]).
42 [pkinit_client]
43 database        = index.txt
44 serial          = serial
45 x509_extensions = pkinit_client_cert
46 default_md=sha1
47 policy          = policy_match
48 certs           = .
49
# PKINIT KDC certificate (extensions: [ pkinit_kdc_cert ]).
50 [pkinit_kdc]
51 database        = index.txt
52 serial          = serial
53 x509_extensions = pkinit_kdc_cert
54 default_md=sha1
55 policy          = policy_match
56 certs           = .
57
# HTTPS server certificate (extensions: [ https_cert ]).
58 [https]
59 database        = index.txt
60 serial          = serial
61 x509_extensions = https_cert
62 default_md=sha1
63 policy          = policy_match
64 certs           = .
65
# Subordinate CA certificate. This is the only profile that issues
# CA:true certificates (extensions: [ v3_ca ]).
66 [subca]
67 database        = index.txt
68 serial          = serial
69 x509_extensions = v3_ca
70 default_md=sha1
71 policy          = policy_match
72 certs           = .
73
74
# Settings for `openssl req`: where the subject prompts come from and which
# extension section is applied when a self-signed certificate is produced.
75 [ req ]
76 distinguished_name      = req_distinguished_name
77 x509_extensions         = v3_ca # The extensions to add to the self-signed cert
78
# Encode DN strings as UTF8String only.
79 string_mask = utf8only
80
# Extensions for CA certificates. Applied by the [subca] profile and by
# [ req ] for the self-signed root.
#
# NOTE(review): basicConstraints is not marked critical and sets no
# pathlen. RFC 5280 requires CA certificates to mark basicConstraints
# critical, and without pathlen a sub-CA issued here can itself create
# further CAs to any depth.
# NOTE(review): keyUsage grants keyEncipherment, nonRepudiation and
# digitalSignature in addition to cRLSign/keyCertSign. A production CA key
# would normally be limited to the two signing usages; the broad set looks
# like a test convenience.
81 [ v3_ca ]
82
83 subjectKeyIdentifier=hash
84 authorityKeyIdentifier=keyid:always,issuer:always
85 basicConstraints = CA:true
86 keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
87
# End-entity extensions: not a CA, usable for signing and key encipherment.
# No extendedKeyUsage is set, so the certificate is not restricted to a
# particular application purpose.
88 [ usr_cert ]
89 basicConstraints=CA:FALSE
90 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
91 subjectKeyIdentifier    = hash
92
# Same as [ usr_cert ] but without digitalSignature (key-encipherment variant).
93 [ usr_cert_ke ]
94 basicConstraints=CA:FALSE
95 keyUsage = nonRepudiation, keyEncipherment
96 subjectKeyIdentifier    = hash
97
# Proxy certificate extensions (RFC 3820). No CA profile in this file
# selects this section, so it is presumably chosen on the command line.
# Confirm against the scripts that use it.
98 [ proxy_cert ]
99 basicConstraints=CA:FALSE
100 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
101 subjectKeyIdentifier    = hash
# Critical proxyCertInfo: pathlen:0 means this proxy may not issue further
# proxies. The policy language is id-ppl-anyLanguage and the policy text
# "foo" is a placeholder value.
102 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
103
# ASN.1 description of the Kerberos principal placed in the PKINIT client
# certificate: an explicitly tagged realm [0] and principal name [1].
# The realm is the fixed test realm TEST.H5L.SE.
104 [pkinitc_princ_name] 
105 realm = EXP:0, GeneralString:TEST.H5L.SE
106 principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
107
# PKINIT client certificate extensions.
# SECURITY: the subjectAltName otherName 1.3.6.1.5.2.2 (id-pkinit-san,
# RFC 4556) carries the Kerberos identity the certificate asserts. The
# principal is hard-coded in this file, so every certificate issued with
# this profile claims the same principal (bar@TEST.H5L.SE). No
# extendedKeyUsage is set here, unlike [ pkinit_kdc_cert ].
108 [ pkinit_client_cert ]
109 basicConstraints=CA:FALSE
110 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
111 subjectKeyIdentifier    = hash
112 subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
113
# PrincipalName: name-type 1 is NT-PRINCIPAL in RFC 4120.
114 [pkinitc_principal_seq] 
115 name_type = EXP:0, INTEGER:1 
116 name_string = EXP:1, SEQUENCE:pkinitc_principals
117
# Name components of the client principal: the single component "bar".
118 [pkinitc_principals] 
119 princ1 = GeneralString:bar
120
# HTTPS server certificate extensions.
121 [ https_cert ]
122 basicConstraints=CA:FALSE
123 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# NOTE(review): extendedKeyUsage is disabled, so certificates from this
# profile carry no server-authentication EKU and are not restricted to
# TLS server use. "https-server" is not one of OpenSSL's standard EKU
# short names (serverAuth is), which may be why the line is marked XXX.
124 #extendedKeyUsage = https-server XXX
125 subjectKeyIdentifier    = hash
126
# PKINIT KDC certificate extensions.
# extendedKeyUsage uses the short name pkkdcekuoid registered in
# [ new_oids ] (1.3.6.1.5.2.3.5), marking the certificate as a KDC
# certificate. The subjectAltName otherName 1.3.6.1.5.2.2 (id-pkinit-san)
# carries the KDC's Kerberos principal, built from the sections below.
127 [ pkinit_kdc_cert ]
128 basicConstraints=CA:FALSE
129 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
130 extendedKeyUsage = pkkdcekuoid
131 subjectKeyIdentifier    = hash
132 subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name 
133
# Explicitly tagged realm [0] and principal name [1]. The realm is the
# fixed test realm TEST.H5L.SE.
134 [pkinitkdc_princ_name] 
135 realm = EXP:0, GeneralString:TEST.H5L.SE
136 principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
137
# PrincipalName: name-type 1 is NT-PRINCIPAL in RFC 4120.
138 [pkinitkdc_principal_seq] 
139 name_type = EXP:0, INTEGER:1 
140 name_string = EXP:1, SEQUENCE:pkinitkdc_principals
141
# Two name components, giving the principal krbtgt/TEST.H5L.SE in the
# realm above. This is the identity clients check when they validate
# the KDC.
142 [pkinitkdc_principals] 
143 princ1 = GeneralString:krbtgt
144 princ2 = GeneralString:TEST.H5L.SE
145
# Proxy certificate extensions (RFC 3820) with a delegation depth of 10.
# No CA profile in this file selects this section, so it is presumably
# chosen on the command line. Confirm against the scripts that use it.
146 [ proxy10_cert ]
147 basicConstraints=CA:FALSE
148 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
149 subjectKeyIdentifier    = hash
# pathlen:10 allows up to ten further proxy certificates beneath this
# one. The policy text "foo" is a placeholder value.
150 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
151
# End-entity extensions limited to signing: keyEncipherment is left out,
# so the key is not marked for key transport.
152 [ usr_cert_ds ]
153 basicConstraints=CA:FALSE
154 keyUsage = nonRepudiation, digitalSignature
155 subjectKeyIdentifier    = hash
156
# OCSP responder certificate extensions.
157 [ ocsp_cert ]
158 basicConstraints=CA:FALSE
159 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
160 # ocsp-nocheck and kp-OCSPSigning
# NOTE(review): 1.3.6.1.5.5.7.3.9 (id-kp-OCSPSigning) is a key purpose and
# belongs in extendedKeyUsage. 1.3.6.1.5.5.7.48.1.5 (id-pkix-ocsp-nocheck)
# is defined in RFC 6960 as a certificate extension of its own, not as a
# key purpose. Listing its OID here does not create that extension, so a
# verifier that looks for the nocheck extension will not find it. Confirm
# what the consuming tests expect.
161 extendedKeyUsage        = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
162 subjectKeyIdentifier    = hash
163
# Subject-name prompts for `openssl req`. For each attribute the bare key
# is the prompt text, and _default / _min / _max give the default value
# and the length bounds.
164 [ req_distinguished_name ]
165 countryName                     = Country Name (2 letter code)
166 countryName_default             = SE
167 countryName_min                 = 2
168 countryName_max                 = 2
169
# NOTE(review): "organizationalName" is not a standard attribute name.
# OpenSSL knows organizationName and organizationalUnitName, and the
# prompt text suggests the latter was intended. Confirm how the consuming
# scripts supply the subject.
170 organizationalName              = Organizational Unit Name (eg, section)
171
172 commonName                      = Common Name (eg, YOUR name)
173 commonName_max                  = 64
174
175 #[ req_attributes ]
176 #challengePassword              = A challenge password
177 #challengePassword_min          = 4
178 #challengePassword_max          = 20
179
# DN policy applied by every CA profile in this file: the request's
# countryName must equal the CA's, and a commonName must be present.
# Attributes not listed here are dropped from the issued subject by
# `openssl ca` unless DN preservation is requested.
180 [ policy_match ]
181 countryName             = match
182 commonName              = supplied