libeap/tests/hwsim/auth_serv/ec-ca-openssl.cnf

   1 # OpenSSL configuration file for Suite B
   2
   3 HOME                    = .
   4 RANDFILE                = $ENV::HOME/.rnd
   5 oid_section             = new_oids
   6
   7 [ new_oids ]
   8
   9 [ ca ]
  10 default_ca      = CA_default
  11
  12 [ CA_default ]
  13
  14 dir             = ./ec-ca
  15 certs           = $dir/certs
  16 crl_dir         = $dir/crl
  17 database        = $dir/index.txt
  18 #unique_subject = no
  19 new_certs_dir   = $dir/newcerts
  20 certificate     = $dir/cacert.pem
  21 serial          = $dir/serial
  22 crlnumber       = $dir/crlnumber
  23 crl             = $dir/crl.pem
  24 private_key     = $dir/private/cakey.pem
  25 RANDFILE        = $dir/private/.rand
  26
  27 x509_extensions = ext_client
  28
  29 name_opt        = ca_default
  30 cert_opt        = ca_default
  31
  32 copy_extensions = copy
  33
  34 default_days    = 365
  35 default_crl_days= 30
  36 default_md      = default
  37 preserve        = no
  38
  39 policy          = policy_match
  40
  41 [ policy_match ]
  42 countryName             = match
  43 stateOrProvinceName     = optional
  44 organizationName        = match
  45 organizationalUnitName  = optional
  46 commonName              = supplied
  47 #emailAddress           = optional
  48
  49 [ policy_anything ]
  50 countryName             = optional
  51 stateOrProvinceName     = optional
  52 localityName            = optional
  53 organizationName        = optional
  54 organizationalUnitName  = optional
  55 commonName              = supplied
  56 #emailAddress           = optional
  57
  58 [ req ]
  59 distinguished_name      = req_distinguished_name
  60 attributes              = req_attributes
  61 x509_extensions = v3_ca
  62
  63 string_mask = utf8only
  64
  65 [ req_distinguished_name ]
  66 countryName                     = Country Name (2 letter code)
  67 countryName_default             = FI
  68 countryName_min                 = 2
  69 countryName_max                 = 2
  70
  71 localityName                    = Locality Name (eg, city)
  72 localityName_default            = Helsinki
  73
  74 0.organizationName              = Organization Name (eg, company)
  75 0.organizationName_default      = w1.fi
  76
  77 commonName                      = Common Name (e.g. server FQDN or YOUR name)
  78 #@CN@
  79 commonName_max                  = 64
  80
  81 [ req_attributes ]
  82
  83 [ v3_ca ]
  84
  85 subjectKeyIdentifier=hash
  86 authorityKeyIdentifier=keyid:always,issuer
  87 basicConstraints = critical, CA:true, pathlen:0
  88 keyUsage = critical, cRLSign, keyCertSign
  89
  90 [ crl_ext ]
  91
  92 # issuerAltName=issuer:copy
  93 authorityKeyIdentifier=keyid:always
  94
  95 [ ext_client ]
  96
  97 basicConstraints=CA:FALSE
  98 subjectKeyIdentifier=hash
  99 authorityKeyIdentifier=keyid,issuer
 100 #@ALTNAME@
 101 extendedKeyUsage = clientAuth
 102 keyUsage = digitalSignature, keyEncipherment
 103
 104 [ ext_server ]
 105
 106 basicConstraints=critical, CA:FALSE
 107 subjectKeyIdentifier=hash
 108 authorityKeyIdentifier=keyid,issuer
 109 #@ALTNAME@
 110 extendedKeyUsage = critical, serverAuth
 111 keyUsage = digitalSignature, keyEncipherment