User:Pjones/SecureBootSmartCardDeploymentOpenSSLconf

From FedoraProject

< User:Pjones(Difference between revisions)
Jump to: navigation, search
(Created page with "<pre> [ca] default_ca = issuer [issuer] private_key = /home/pjones/db/ca.key certificate = /home/pjones/db/ca.crt database = /home/pjones/db/ca.db serial = /home/pjones/db/ca...")
 
(Blanked the page)
 
Line 1: Line 1:
<pre>
 
[ca]
 
default_ca = issuer
 
  
[issuer]
 
private_key = /home/pjones/db/ca.key
 
certificate = /home/pjones/db/ca.crt
 
database = /home/pjones/db/ca.db
 
serial = /home/pjones/db/ca.srl
 
default_md = SHA256
 
new_certs_dir = /tmp/tmp.Ee0O9HNoGJ
 
policy = no_policy
 
 
[no_policy]
 
 
[req_oids]
 
domainComponent = 0.9.2342.19200300.100.1.25
 
 
[req_ca]
 
prompt = no
 
oid_section = req_oids
 
distinguished_name = req_ca_name
 
default_md = SHA256
 
subjectKeyIdentifier=hash
 
 
[req_ca_name]
 
C=US
 
#stateOrProvinceName=SomeState
 
localityName=SomeCity
 
O=SomeOrg
 
#commonName = Test Certifying CA
 
 
[v3_ca]
 
subjectKeyIdentifier=hash
 
authorityKeyIdentifier=keyid:always
 
#authorityKeyIdentifier=keyid:always,issuer:always
 
keyUsage=nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
 
basicConstraints=critical,CA:TRUE
 
nsComment="Testing CA Certificate"
 
 
[req_ocsp]
 
prompt = no
 
oid_section = req_oids
 
distinguished_name = req_ocsp_name
 
default_md = SHA256
 
 
[req_ocsp_name]
 
C=US
 
#stateOrProvinceName=SomeState
 
localityName=SomeOrg
 
O=SomeOrg
 
#commonName = OCSP Signer for Test Certifying CA
 
 
[v3_ocsp]
 
subjectKeyIdentifier=hash
 
#authorityKeyIdentifier=keyid:always,issuer:always
 
authorityKeyIdentifier=keyid:always
 
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
 
extendedKeyUsage=1.3.6.1.5.5.7.3.9
 
#basicConstraints=CA:FALSE
 
basicConstraints=CA:TRUE
 
nsComment="Testing OCSP Certificate"
 
1.3.6.1.5.5.7.48.1.5=ASN1:NULL
 
 
[req_issued]
 
prompt = no
 
oid_section = req_oids
 
distinguished_name = req_issued_name
 
default_md = SHA256
 
 
[req_issued_name]
 
C=US
 
#stateOrProvinceName=SomeState
 
localityName=SomeCity
 
O=SomeOrg
 
commonName = Fedora
 
 
[v3_issued]
 
#certificatePolicies=2.5.29.32.0,1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.1
 
subjectKeyIdentifier=hash
 
authorityKeyIdentifier=keyid:always
 
#authorityKeyIdentifier=keyid:always,issuer:always
 
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly
 
extendedKeyUsage = 1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.1
 
basicConstraints=CA:FALSE
 
nsComment="Testing Certificate for Fedora"
 
</pre>
 

Latest revision as of 19:41, 9 October 2012