From Fedora Project Wiki
(Created page with "<pre> [ca] default_ca = issuer [issuer] private_key = /home/pjones/db/ca.key certificate = /home/pjones/db/ca.crt database = /home/pjones/db/ca.db serial = /home/pjones/db/ca...")
 
(Blanked the page)
 
Line 1: Line 1:
<pre>
[ca]
default_ca = issuer


[issuer]
private_key = /home/pjones/db/ca.key
certificate = /home/pjones/db/ca.crt
database = /home/pjones/db/ca.db
serial = /home/pjones/db/ca.srl
default_md = SHA256
new_certs_dir = /tmp/tmp.Ee0O9HNoGJ
policy = no_policy
[no_policy]
[req_oids]
domainComponent = 0.9.2342.19200300.100.1.25
[req_ca]
prompt = no
oid_section = req_oids
distinguished_name = req_ca_name
default_md = SHA256
subjectKeyIdentifier=hash
[req_ca_name]
C=US
#stateOrProvinceName=SomeState
localityName=SomeCity
O=SomeOrg
#commonName = Test Certifying CA
[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
#authorityKeyIdentifier=keyid:always,issuer:always
keyUsage=nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
basicConstraints=critical,CA:TRUE
nsComment="Testing CA Certificate"
[req_ocsp]
prompt = no
oid_section = req_oids
distinguished_name = req_ocsp_name
default_md = SHA256
[req_ocsp_name]
C=US
#stateOrProvinceName=SomeState
localityName=SomeOrg
O=SomeOrg
#commonName = OCSP Signer for Test Certifying CA
[v3_ocsp]
subjectKeyIdentifier=hash
#authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
extendedKeyUsage=1.3.6.1.5.5.7.3.9
#basicConstraints=CA:FALSE
basicConstraints=CA:TRUE
nsComment="Testing OCSP Certificate"
1.3.6.1.5.5.7.48.1.5=ASN1:NULL
[req_issued]
prompt = no
oid_section = req_oids
distinguished_name = req_issued_name
default_md = SHA256
[req_issued_name]
C=US
#stateOrProvinceName=SomeState
localityName=SomeCity
O=SomeOrg
commonName = Fedora
[v3_issued]
#certificatePolicies=2.5.29.32.0,1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.1
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
#authorityKeyIdentifier=keyid:always,issuer:always
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly
extendedKeyUsage = 1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.1
basicConstraints=CA:FALSE
nsComment="Testing Certificate for Fedora"
</pre>

Latest revision as of 19:41, 9 October 2012