Diffstat (limited to 'crypto/heimdal/lib/hx509/data/openssl.cnf')
-rw-r--r--crypto/heimdal/lib/hx509/data/openssl.cnf182
1 files changed, 182 insertions, 0 deletions
diff --git a/crypto/heimdal/lib/hx509/data/openssl.cnf b/crypto/heimdal/lib/hx509/data/openssl.cnf
new file mode 100644
index 0000000..7fe3b64
--- /dev/null
+++ b/crypto/heimdal/lib/hx509/data/openssl.cnf
@@ -0,0 +1,182 @@
+oid_section = new_oids
+
+[ new_oids ]
+pkkdcekuoid = 1.3.6.1.5.2.3.5
+
+[ca]
+
+default_ca = user
+
+[usr]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert
+default_md=sha1
+policy = policy_match
+certs = .
+
+[ocsp]
+database = index.txt
+serial = serial
+x509_extensions = ocsp_cert
+default_md=sha1
+policy = policy_match
+certs = .
+
+[usr_ke]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert_ke
+default_md=sha1
+policy = policy_match
+certs = .
+
+[usr_ds]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert_ds
+default_md=sha1
+policy = policy_match
+certs = .
+
+[pkinit_client]
+database = index.txt
+serial = serial
+x509_extensions = pkinit_client_cert
+default_md=sha1
+policy = policy_match
+certs = .
+
+[pkinit_kdc]
+database = index.txt
+serial = serial
+x509_extensions = pkinit_kdc_cert
+default_md=sha1
+policy = policy_match
+certs = .
+
+[https]
+database = index.txt
+serial = serial
+x509_extensions = https_cert
+default_md=sha1
+policy = policy_match
+certs = .
+
+[subca]
+database = index.txt
+serial = serial
+x509_extensions = v3_ca
+default_md=sha1
+policy = policy_match
+certs = .
+
+
+[ req ]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+string_mask = utf8only
+
+[ v3_ca ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
+
+[ usr_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+
+[ usr_cert_ke ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, keyEncipherment
+subjectKeyIdentifier = hash
+
+[ proxy_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
+
+[pkinitc_princ_name]
+realm = EXP:0, GeneralString:TEST.H5L.SE
+principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
+
+[ pkinit_client_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
+
+[pkinitc_principal_seq]
+name_type = EXP:0, INTEGER:1
+name_string = EXP:1, SEQUENCE:pkinitc_principals
+
+[pkinitc_principals]
+princ1 = GeneralString:bar
+
+[ https_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#extendedKeyUsage = https-server XXX
+subjectKeyIdentifier = hash
+
+[ pkinit_kdc_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = pkkdcekuoid
+subjectKeyIdentifier = hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name
+
+[pkinitkdc_princ_name]
+realm = EXP:0, GeneralString:TEST.H5L.SE
+principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
+
+[pkinitkdc_principal_seq]
+name_type = EXP:0, INTEGER:1
+name_string = EXP:1, SEQUENCE:pkinitkdc_principals
+
+[pkinitkdc_principals]
+princ1 = GeneralString:krbtgt
+princ2 = GeneralString:TEST.H5L.SE
+
+[ proxy10_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
+
+[ usr_cert_ds ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature
+subjectKeyIdentifier = hash
+
+[ ocsp_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# ocsp-nocheck and kp-OCSPSigning
+extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
+subjectKeyIdentifier = hash
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = SE
+countryName_min = 2
+countryName_max = 2
+
+organizationalName = Organizational Unit Name (eg, section)
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+#[ req_attributes ]
+#challengePassword = A challenge password
+#challengePassword_min = 4
+#challengePassword_max = 20
+
+[ policy_match ]
+countryName = match
+commonName = supplied
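Review bot: `default_ca = user` in `[ca]` names a section this file never defines; the CA sections are `[usr]`, `[ocsp]`, `[usr_ke]` and so on, so `openssl ca` run without `-name` would presumably fail to find its settings, and `default_ca = usr` looks like the intent. Every CA section also sets `default_md=sha1`; SHA-1 is no longer collision-resistant and newer verifiers may reject such signatures, so unless a test needs SHA-1 fixtures, `default_md = sha256` is the safer default. In `[ ocsp_cert ]`, 1.3.6.1.5.5.7.48.1.5 (ocsp-nocheck) is defined as a certificate extension rather than a key purpose, so listing it under `extendedKeyUsage` probably does not produce the no-check marker the comment describes. The file appears to generate hx509 test certificates only (realm `TEST.H5L.SE`), and a header comment saying so would discourage reuse as a production CA template, particularly as `[ v3_ca ]` grants `keyEncipherment` and `digitalSignature` alongside the signing usages.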