1
0
mirror of https://github.com/kakwa/uts-server synced 2025-01-10 13:44:29 +01:00
uts-server/tests/cfg/pki/CAtsa.cnf

58 lines
1.6 KiB
Plaintext
Raw Normal View History

#----------------------------------------------------------------------
2016-08-27 01:03:02 +02:00
#
# Properties needed for a Time-Stamp Authority (TSA) certificates
2016-08-27 01:03:02 +02:00
#
#----------------------------------------------------------------------
# Extensions required to a TSA certificate
2016-08-27 01:03:02 +02:00
[ tsa_cert ]
# TSA server cert is not a CA cert, disabling CA role
2016-08-27 01:03:02 +02:00
basicConstraints=CA:FALSE
# The following key usage flags are mandatory for TSA server certificates.
# This parameters set the main specificities of a TSA certificate
2016-08-27 01:03:02 +02:00
keyUsage = nonRepudiation, digitalSignature
extendedKeyUsage = critical,timeStamping
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
#----------------------------------------------------------------------
#
# Other Properties for the CA and non-tsa certificates
#
#----------------------------------------------------------------------
2016-08-27 01:03:02 +02:00
# Common properties of all the certificates/CA (CN, OU, etc...)
[ dn_section ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
2016-08-27 01:03:02 +02:00
# CN is passed through environment variable "CN"
commonName = $ENV::CN
2016-08-27 01:03:02 +02:00
# OpenSSL parameters for certificate requests generation
[ req ]
default_bits = 4096
default_md = sha512
distinguished_name = dn_section
encrypt_rsa_key = no
prompt = no
# The extentions to add to the self signed cert
x509_extensions = v3_ca
2016-08-27 01:03:02 +02:00
# Extensions for a typical CA
[ v3_ca ]
2016-08-27 01:03:02 +02:00
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true
keyUsage = cRLSign, keyCertSign