From Fedora Project Wiki

< User:Pjones
Revision as of 18:06, 9 October 2012 by Pjones (talk | contribs) (Created page with "<pre> [ca] default_ca = issuer [issuer] private_key = /home/pjones/db/ca.key certificate = /home/pjones/db/ca.crt database = /home/pjones/db/ca.db serial = /home/pjones/db/ca...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

[ca]
default_ca = issuer

[issuer]
private_key = /home/pjones/db/ca.key
certificate = /home/pjones/db/ca.crt
database = /home/pjones/db/ca.db
serial = /home/pjones/db/ca.srl
default_md = SHA256
new_certs_dir = /tmp/tmp.Ee0O9HNoGJ
policy = no_policy

[no_policy]

[req_oids]
domainComponent = 0.9.2342.19200300.100.1.25

[req_ca]
prompt = no
oid_section = req_oids
distinguished_name = req_ca_name
default_md = SHA256
subjectKeyIdentifier=hash

[req_ca_name]
C=US
#stateOrProvinceName=SomeState
localityName=SomeCity
O=SomeOrg
#commonName = Test Certifying CA

[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
#authorityKeyIdentifier=keyid:always,issuer:always
keyUsage=nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
basicConstraints=critical,CA:TRUE
nsComment="Testing CA Certificate"

[req_ocsp]
prompt = no
oid_section = req_oids
distinguished_name = req_ocsp_name
default_md = SHA256

[req_ocsp_name]
C=US
#stateOrProvinceName=SomeState
localityName=SomeOrg
O=SomeOrg
#commonName = OCSP Signer for Test Certifying CA

[v3_ocsp]
subjectKeyIdentifier=hash
#authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
extendedKeyUsage=1.3.6.1.5.5.7.3.9
#basicConstraints=CA:FALSE
basicConstraints=CA:TRUE
nsComment="Testing OCSP Certificate"
1.3.6.1.5.5.7.48.1.5=ASN1:NULL

[req_issued]
prompt = no
oid_section = req_oids
distinguished_name = req_issued_name
default_md = SHA256

[req_issued_name]
C=US
#stateOrProvinceName=SomeState
localityName=SomeCity
O=SomeOrg
commonName = Fedora

[v3_issued]
#certificatePolicies=2.5.29.32.0,1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.1
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
#authorityKeyIdentifier=keyid:always,issuer:always
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly
extendedKeyUsage = 1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.1
basicConstraints=CA:FALSE
nsComment="Testing Certificate for Fedora"
Retrieved from "https://fedoraproject.org/w/index.php?title=User:Pjones/SecureBootSmartCardDeploymentOpenSSLconf&oldid=306143"