1 # OpenSSL configuration file for Hotspot 2.0 PKI (Intermediate CA)
# Section-less (global) settings. Tokens of the form @NAME@ (@DOMAIN@,
# @PASSWORD@, @OCSP_URI@, @LOGO_*@) are presumably replaced by a setup script
# before OpenSSL reads this file; OpenSSL itself gives them no meaning.
# Legacy PRNG seed-file hint. Current OpenSSL releases seed from the OS CSPRNG
# and may ignore it; harmless either way.
4 RANDFILE = $ENV::HOME/.rnd
# The RFC 3709 logotype extension is added below by its raw OID
# (1.3.6.1.5.5.7.1.12) rather than through a named alias.
9 #logotypeoid=1.3.6.1.5.5.7.1.12
11 ####################################################################
# Section that "openssl ca" uses when no -name option is given.
13 default_ca = CA_default # The default ca section
15 ####################################################################
# Working directory layout for the intermediate CA. Everything is relative to
# $dir, so "openssl ca" must be run from the directory that contains demoCA.
18 dir = ./demoCA # Where everything is kept
19 certs = $dir/certs # Where the issued certs are kept
20 crl_dir = $dir/crl # Where the issued crl are kept
21 database = $dir/index.txt # database index file.
22 #unique_subject = no # Set to 'no' to allow creation of
23 # several certificates with same subject
24 new_certs_dir = $dir/newcerts # default place for new certs.
26 certificate = $dir/cacert.pem # The CA certificate
27 serial = $dir/serial # The current serial number
28 crlnumber = $dir/crlnumber # the current crl number
29 # must be commented out to leave a V1 CRL
30 crl = $dir/crl.pem # The current CRL
# SECURITY: the CA signing key lives under $dir/private. That directory and
# cakey.pem must not be group/world readable; the key is only as secret as
# its passphrase plus the file mode protecting it.
31 private_key = $dir/private/cakey.pem# The private key
32 RANDFILE = $dir/private/.rand # private random number file
# Default extension section for "openssl ca"; normally overridden per
# certificate type with -extensions (ext_client, ext_server, ...).
34 x509_extensions = ext_client # The extensions to add to the cert
36 name_opt = ca_default # Subject Name options
37 cert_opt = ca_default # Certificate field options
39 # Extension copying option: use with caution.
# SECURITY: "copy" imports every extension present in the CSR that the chosen
# x509_extensions section does not itself define. Extensions the section does
# define (basicConstraints, extendedKeyUsage, ...) cannot be overridden by
# the request, but anything it leaves out -- subjectAltName in every profile,
# keyUsage in ext_client -- is taken verbatim from the CSR. Only sign CSRs
# whose contents have been reviewed. Never switch this to "copyall": that
# would let the request override even the pinned extensions.
40 copy_extensions = copy
# Lifetime of issued certificates (days) and CRL validity window (days).
42 default_days = 365 # how long to certify for
43 default_crl_days= 30 # how long before next CRL
# "default" = the key type's default signature digest (SHA-256 on current
# OpenSSL releases); do not force sha1 here.
44 default_md = default # use public key default MD
# preserve = no: DN attributes not listed in the active policy table are
# dropped from the issued certificate (see the policy tables below).
45 preserve = no # keep passed DN ordering
# DN policy tables selected with "openssl ca -policy <section>". Their
# [ policy_* ] headers are not visible in this excerpt; the three groups are
# inferred from the repeated keys. Meaning of the values: "match" = must equal
# the CA certificate's attribute, "supplied" = must be present in the CSR,
# "optional" = may be absent. Attributes not listed at all are silently
# removed from the subject (preserve = no in the CA section).
51 countryName = supplied
52 stateOrProvinceName = optional
53 organizationName = supplied
54 organizationalUnitName = optional
56 emailAddress = optional
# Second table: organizationName must match the issuing CA's own, which ties
# issued certificates to the CA operator's organisation.
60 stateOrProvinceName = optional
61 organizationName = match
62 organizationalUnitName = supplied
64 emailAddress = optional
# Third table: everything optional. With this policy the CSR controls the
# whole subject, so use it only for requests from trusted sources.
67 countryName = optional
68 stateOrProvinceName = optional
69 localityName = optional
70 organizationName = optional
71 organizationalUnitName = optional
73 emailAddress = optional
75 ####################################################################
# [ req ] settings (header not visible in this excerpt) used when generating
# the intermediate CA's own key and CSR.
78 default_keyfile = privkey.pem
79 distinguished_name = req_distinguished_name
80 attributes = req_attributes
# Only relevant to "req -x509"; the production intermediate certificate is
# signed by the root CA under the root's own configuration.
81 x509_extensions = v3_ca # The extensions to add to the self signed cert
# SECURITY: once @PASSWORD@ has been substituted, this file contains the
# private-key passphrase in cleartext. Keep the generated copy mode 0600, out
# of version control and off shared hosts, or drop these two lines and pass
# the passphrase with -passin/-passout (file: or env:) instead.
83 input_password = @PASSWORD@
84 output_password = @PASSWORD@
# Encode DN strings as UTF8String only (RFC 5280 profile; avoids legacy
# T61String/BMPString encodings).
86 string_mask = utf8only
88 [ req_distinguished_name ]
# Prompt text and defaults for the subject DN of generated requests.
# *_default values are pre-filled suggestions only; *_max bounds the length
# accepted at the prompt.
89 countryName = Country Name (2 letter code)
90 countryName_default = FI
94 localityName = Locality Name (eg, city)
95 localityName_default = Tuusula
97 0.organizationName = Organization Name (eg, company)
# Template token; the second policy table above requires organizationName to
# match the CA's, so whatever is substituted here must be used consistently.
98 0.organizationName_default = @DOMAIN@
100 ##organizationalUnitName = Organizational Unit Name (eg, section)
101 #organizationalUnitName_default =
104 commonName = Common Name (e.g. server FQDN or YOUR name)
108 emailAddress = Email Address
109 emailAddress_max = 64
115 # Hotspot 2.0 PKI requirements
# Extensions for the intermediate CA certificate itself (section header not
# visible in this excerpt; referenced as v3_ca from the [ req ] settings).
116 subjectKeyIdentifier=hash
117 authorityKeyIdentifier=keyid:always,issuer
# pathlen:0 -- this CA may issue end-entity certificates only, never a
# subordinate CA.
118 basicConstraints = critical, CA:true, pathlen:0
# keyCertSign is what authorises this key to sign certificates (RFC 5280
# 4.2.1.3). digitalSignature is deliberately absent, so the CA key cannot be
# used for TLS handshakes.
119 keyUsage = critical, cRLSign, keyCertSign
# Where relying parties check the intermediate's OWN revocation status. The
# same @OCSP_URI@ token is used for issued certificates; make sure that
# responder also answers for this certificate, which is issued by the root.
120 authorityInfoAccess = OCSP;URI:@OCSP_URI@
121 # For SP intermediate CA
122 #subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample OSU
# Left disabled. Enabling nameConstraints would confine every DNS name this
# CA can certify to @DOMAIN@, limiting the blast radius of a key compromise.
123 #nameConstraints=permitted;DNS:.@DOMAIN@
124 #1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
# Extensions for the profile that carries the logotype extension -- likely the
# OSU server certificate (section header not visible in this excerpt).
# NOTE(review): CA:true on a certificate whose keyUsage lacks keyCertSign is
# contradictory: RFC 5280 4.2.1.3 requires keyCertSign for a key that signs
# certificates, so this cert cannot act as a CA anyway, and some validators
# reject CA:true on a TLS end-entity certificate. Confirm the Hotspot 2.0
# profile really mandates CA:true here; otherwise CA:FALSE is the safer value.
128 basicConstraints = critical, CA:true, pathlen:0
# NOTE(review): keyEncipherment alone only authorises RSA key transport. A
# TLS 1.3 server, or any (EC)DHE_RSA suite in TLS 1.2, signs the handshake,
# which requires the digitalSignature bit when a keyUsage extension is present
# (RFC 8446 4.4.2.2). Add digitalSignature unless the profile forbids it.
129 keyUsage = critical, keyEncipherment
132 #logotypeoid=ASN1:SEQUENCE:LogotypeExtn
# RFC 3709 logotype extension, encoded by raw OID from the ASN.1 module below.
133 1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
# ASN.1 module for the RFC 3709 logotype extension, built from the sections
# below. Several [ section ] headers are not visible in this excerpt; the
# key-to-section grouping follows the RFC 3709 structure.
135 communityLogos=EXP:0,SEQUENCE:LogotypeInfo
137 # note: implicit tag converted to explicit for CHOICE
138 direct=EXP:0,SEQUENCE:LogotypeData
140 image=SEQUENCE:LogotypeImage
142 imageDetails=SEQUENCE:LogotypeDetails
143 imageInfo=SEQUENCE:LogotypeImageInfo
145 mediaType=IA5STRING:image/png
# A relying party retrieves the image from logotypeURI and compares it with
# logotypeHash; a hash or fileSize that no longer matches the served bytes may
# cause the logo to be rejected.
146 logotypeHash=SEQUENCE:HashAlgAndValues
147 logotypeURI=SEQUENCE:URI
# Only SHA-256 is published. Keep the SHA-1 alternative disabled: SHA-1 is no
# longer collision resistant and adds nothing a SHA-256 value does not.
149 value1=SEQUENCE:HashAlgAndValueSHA256
150 #value2=SEQUENCE:HashAlgAndValueSHA1
151 [HashAlgAndValueSHA256]
152 hashAlg=SEQUENCE:sha256_alg
# @LOGO_HASH256@ must be the SHA-256 (hex) of the exact bytes served at
# @LOGO_URI@; regenerate it whenever the image changes.
153 hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH256@
# Unused unless value2 above is re-enabled.
154 [HashAlgAndValueSHA1]
155 hashAlg=SEQUENCE:sha1_alg
156 hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH1@
162 uri=IA5STRING:@LOGO_URI@
164 # default value color(1), component optional
165 #type=IMP:0,INTEGER:1
# Hard-coded byte count of the logo image; must be updated together with the
# hash whenever the image is replaced.
166 fileSize=INTEGER:7549
# ISO 639-2 "zxx" = no linguistic content (the logo carries no language).
169 language=IMP:4,IA5STRING:zxx
# Appears to be the CRL extension section used by "openssl ca -gencrl"
# (header not visible in this excerpt): only an AKI is added to issued CRLs.
173 # issuerAltName=issuer:copy
174 authorityKeyIdentifier=keyid:always
# Extensions for a delegated OCSP responder certificate (section header not
# visible in this excerpt).
178 basicConstraints = CA:FALSE
# keyEncipherment is not needed for signing OCSP responses; digitalSignature
# is the bit that matters here.
179 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# OCSPSigning authorises this certificate to sign responses about certificates
# issued by the same CA (RFC 6960 4.2.2.2). No id-pkix-ocsp-nocheck
# ("noCheck = ignore") is set, so clients may in turn try to check this
# certificate's own status via OCSP; either add noCheck and keep the
# responder certificate short-lived, or make sure the responder can answer
# for its own certificate.
180 extendedKeyUsage = OCSPSigning
# Extensions for issued client certificates (section header not visible in
# this excerpt; referenced as ext_client from the CA section).
184 basicConstraints=CA:FALSE
185 subjectKeyIdentifier=hash
186 authorityKeyIdentifier=keyid,issuer
187 authorityInfoAccess = OCSP;URI:@OCSP_URI@
# NOTE(review): no keyUsage is defined here, so with copy_extensions = copy a
# CSR can supply an arbitrary keyUsage of its own. Consider pinning one here
# (e.g. "keyUsage = critical, digitalSignature, keyEncipherment") so the
# request cannot choose it.
189 extendedKeyUsage = clientAuth
193 # Hotspot 2.0 PKI requirements
# Extensions for issued TLS server certificates (section header not visible
# in this excerpt; referenced as ext_server). subjectAltName is not set here:
# it arrives from the CSR through copy_extensions = copy, so verify the
# requested names before signing.
194 basicConstraints=critical, CA:FALSE
195 subjectKeyIdentifier=hash
196 authorityKeyIdentifier=keyid,issuer
197 authorityInfoAccess = OCSP;URI:@OCSP_URI@
199 extendedKeyUsage = critical, serverAuth
# NOTE(review): keyEncipherment alone only authorises RSA key transport. A
# TLS 1.3 server, or any (EC)DHE_RSA suite in TLS 1.2, signs the handshake,
# which requires the digitalSignature bit when a keyUsage extension is present
# (RFC 8446 4.4.2.2); peers that enforce a critical keyUsage will reject this
# certificate for those handshakes. Add digitalSignature unless the Hotspot
# 2.0 profile explicitly forbids it.
200 keyUsage = critical, keyEncipherment