diff options
| author | Rich Salz <rsalz@akamai.com> | 2020-03-04 14:08:31 -0500 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-06-03 09:56:56 +0200 |
| commit | 4e6e57cfcdd75b827ff7171927d87e95b5b86ae8 (patch) | |
| tree | 5966ad0b0dee601e0e042a5936422a24d2e79a8b /test/ca-and-certs.cnf | |
| parent | 5c01a133ecafc5ffa4ae55effd32f4f1fb642293 (diff) | |
| download | openssl-4e6e57cfcdd75b827ff7171927d87e95b5b86ae8.zip openssl-4e6e57cfcdd75b827ff7171927d87e95b5b86ae8.tar.gz openssl-4e6e57cfcdd75b827ff7171927d87e95b5b86ae8.tar.bz2 | |
Cleanup cert config files for tests
Merge test/P[12]ss.cnf into one config file
Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf
Remove Netscape cert extensions, add keyUsage comment from some cnf files
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)
Diffstat (limited to 'test/ca-and-certs.cnf')
| -rw-r--r-- | test/ca-and-certs.cnf | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/test/ca-and-certs.cnf b/test/ca-and-certs.cnf new file mode 100644 index 0000000..598db2b --- /dev/null +++ b/test/ca-and-certs.cnf @@ -0,0 +1,90 @@ + +CN2 = Brother 2 + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha1 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_value = AU +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers +commonName = Common Name (eg, YOUR name) +commonName_value = Dodgy CA + +#################################################################### +[ userreq ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = user_dn +encrypt_rsa_key = no +default_md = sha256 +prompt = no + +[ user_dn ] +countryName = AU +organizationName = Dodgy Brothers +0.commonName = Brother 1 +1.commonName = $ENV::CN2 + +[ v3_ee ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ee_dsa ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature + +[ v3_ee_ec ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyAgreement + +#################################################################### +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = ./demoCA +certs = $dir/certs +crl_dir = $dir/crl +database = $dir/index.txt +new_certs_dir = $dir/newcerts +certificate = $dir/cacert.pem +serial = $dir/serial +crl = $dir/crl.pem +private_key = $dir/private/cakey.pem +x509_extensions = v3_ca +name_opt = ca_default +cert_opt = ca_default +default_days = 365 +default_crl_days= 30 +default_md = sha1 +preserve = no +policy = policy_anything + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true,pathlen:1 +keyUsage = cRLSign, keyCertSign +issuerAltName = issuer:copy |