58 lines
1.6 KiB
INI
58 lines
1.6 KiB
INI
#----------------------------------------------------------------------
|
|
#
|
|
# Properties needed for a Time-Stamp Authority (TSA) certificates
|
|
#
|
|
#----------------------------------------------------------------------
|
|
|
|
# Extensions required to a TSA certificate
|
|
[ tsa_cert ]
|
|
|
|
# TSA server cert is not a CA cert, disabling CA role
|
|
basicConstraints=CA:FALSE
|
|
|
|
# The following key usage flags are mandatory for TSA server certificates.
|
|
# This parameters set the main specificities of a TSA certificate
|
|
keyUsage = nonRepudiation, digitalSignature
|
|
extendedKeyUsage = critical,timeStamping
|
|
|
|
# PKIX recommendations harmless if included in all certificates.
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid,issuer:always
|
|
|
|
|
|
#----------------------------------------------------------------------
|
|
#
|
|
# Other Properties for the CA and non-tsa certificates
|
|
#
|
|
#----------------------------------------------------------------------
|
|
|
|
# Common properties of all the certificates/CA (CN, OU, etc...)
|
|
[ dn_section ]
|
|
countryName = FR
|
|
stateOrProvinceName = Paris
|
|
localityName = Paris
|
|
organizationName = UTS-SERVER test
|
|
|
|
# CN is passed through environment variable "CN"
|
|
commonName = $ENV::CN
|
|
|
|
|
|
# OpenSSL parameters for certificate requests generation
|
|
[ req ]
|
|
default_bits = 4096
|
|
default_md = sha512
|
|
distinguished_name = dn_section
|
|
encrypt_rsa_key = no
|
|
prompt = no
|
|
# The extentions to add to the self signed cert
|
|
x509_extensions = v3_ca
|
|
|
|
|
|
# Extensions for a typical CA
|
|
[ v3_ca ]
|
|
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
basicConstraints = critical,CA:true
|
|
keyUsage = cRLSign, keyCertSign
|