cosmetic change in default configuration file
This commit is contained in:
kakwa
parent
8ebbc08c88
commit
7ab15ec374
|
|
@ -1,11 +1,5 @@
|
|||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
# Policies used by the TSA examples.
|
||||
tsa_policy1 = 1.2.3.4.1
|
||||
tsa_policy2 = 1.2.3.4.5.6
|
||||
|
|
@ -80,36 +74,69 @@ request_timeout_ms = 30000
|
|||
# Enable TCP_NODELAY socket option on client connections.
|
||||
tcp_nodelay = 0
|
||||
|
||||
# loglevel
|
||||
# loglevel
|
||||
# debug, info, notice, warn, err, emerg, crit
|
||||
log_level = info
|
||||
|
||||
####################################################################
|
||||
[ tsa ]
|
||||
|
||||
default_tsa = tsa_config1 # the default TSA section
|
||||
# The default TSA section.
|
||||
default_tsa = tsa_config1
|
||||
|
||||
[ tsa_config1 ]
|
||||
|
||||
# These are used by the TSA reply generation only.
|
||||
dir = ./demoCA # TSA root directory
|
||||
serial = ./tsaserial # The current serial number (mandatory)
|
||||
crypto_device = builtin # OpenSSL engine to use for signing
|
||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
||||
# (optional)
|
||||
certs = $dir/cacert.pem # Certificate chain to include in reply
|
||||
# (optional)
|
||||
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
|
||||
|
||||
default_policy = tsa_policy1 # Policy if request did not specify it
|
||||
# (optional)
|
||||
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
||||
digests = md5, sha1 # Acceptable message digests (mandatory)
|
||||
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
||||
clock_precision_digits = 0 # number of digits after dot. (optional)
|
||||
ordering = yes # Is ordering defined for timestamps?
|
||||
# (optional, default: no)
|
||||
tsa_name = yes # Must the TSA name be included in the reply?
|
||||
# (optional, default: no)
|
||||
ess_cert_id_chain = no # Must the ESS cert id chain be included?
|
||||
# (optional, default: no)
|
||||
# TSA root directory
|
||||
dir = ./demoCA
|
||||
|
||||
# The current serial number
|
||||
# (mandatory)
|
||||
serial = ./tsaserial
|
||||
|
||||
# OpenSSL engine to use for signing
|
||||
crypto_device = builtin
|
||||
|
||||
# The TSA signing certificat
|
||||
# (optional)
|
||||
signer_cert = $dir/tsacert.pem
|
||||
|
||||
# Certificate chain to include in reply
|
||||
# (optional)
|
||||
certs = $dir/cacert.pem
|
||||
|
||||
# The TSA private key
|
||||
# (optional)
|
||||
signer_key = $dir/private/tsakey.pem
|
||||
|
||||
# Policy if request did not specify it
|
||||
# (optional)
|
||||
default_policy = tsa_policy1
|
||||
|
||||
# Acceptable policies
|
||||
# (optional)
|
||||
other_policies = tsa_policy2, tsa_policy3
|
||||
|
||||
# Acceptable message digests
|
||||
# (mandatory)
|
||||
digests = md5, sha1
|
||||
|
||||
# (optional)
|
||||
accuracy = secs:1, millisecs:500, microsecs:100
|
||||
|
||||
# Number of digits after dot.
|
||||
# (optional)
|
||||
clock_precision_digits = 0
|
||||
|
||||
# Is ordering defined for timestamps?
|
||||
# (optional, default: no)
|
||||
ordering = yes
|
||||
|
||||
# Must the TSA name be included in the reply?
|
||||
## (optional, default: no)
|
||||
tsa_name = yes
|
||||
|
||||
# Must the ESS cert id chain be included?
|
||||
# (optional, default: no)
|
||||
ess_cert_id_chain = no
|
||||
|
|
|
|||
Loading…
Reference in New Issue