Delete temp files.
[openssl.git] / test / CAtsa.cnf
1
2 #
3 # This config is used by the Time Stamp Authority tests.
4 #
5
6 # This definition stops the following lines choking if HOME isn't
7 # defined.
8 HOME                    = .
9 RANDFILE                = $ENV::HOME/.rnd
10
11 # Extra OBJECT IDENTIFIER info:
12 oid_section             = new_oids
13
14 TSDNSECT                = ts_cert_dn
15 INDEX                   = 1
16
17 [ new_oids ]
18
19 # Policies used by the TSA tests.
20 tsa_policy1 = 1.2.3.4.1
21 tsa_policy2 = 1.2.3.4.5.6
22 tsa_policy3 = 1.2.3.4.5.7
23
24 #----------------------------------------------------------------------
25 [ ca ]
26 default_ca      = CA_default            # The default ca section
27
28 [ CA_default ]
29
30 dir             = ./demoCA
31 certs           = $dir/certs            # Where the issued certs are kept
32 database        = $dir/index.txt        # database index file.
33 new_certs_dir   = $dir/newcerts         # default place for new certs.
34
35 certificate     = $dir/cacert.pem       # The CA certificate
36 serial          = $dir/serial           # The current serial number
37 private_key     = $dir/private/cakey.pem# The private key
38 RANDFILE        = $dir/private/.rand    # private random number file
39
40 default_days    = 365                   # how long to certify for
41 default_md      = sha1                  # which md to use.
42 preserve        = no                    # keep passed DN ordering
43
44 policy          = policy_match
45
46 # For the CA policy
47 [ policy_match ]
48 countryName             = supplied
49 stateOrProvinceName     = supplied
50 organizationName        = supplied
51 organizationalUnitName  = optional
52 commonName              = supplied
53 emailAddress            = optional
54
55 #----------------------------------------------------------------------
56 [ req ]
57 default_bits            = 1024
58 default_md              = sha1
59 distinguished_name      = $ENV::TSDNSECT
60 encrypt_rsa_key         = no
61 prompt                  = no
62 # attributes            = req_attributes
63 x509_extensions = v3_ca # The extentions to add to the self signed cert
64
65 string_mask = nombstr
66
67 [ ts_ca_dn ]
68 countryName                     = HU
69 stateOrProvinceName             = Budapest
70 localityName                    = Budapest
71 organizationName                = Gov-CA Ltd.
72 commonName                      = ca1
73
74 [ ts_cert_dn ]
75 countryName                     = HU
76 stateOrProvinceName             = Budapest
77 localityName                    = Buda
78 organizationName                = Hun-TSA Ltd.
79 commonName                      = tsa$ENV::INDEX
80
81 [ tsa_cert ]
82
83 # TSA server cert is not a CA cert.
84 basicConstraints=CA:FALSE
85
86 # The following key usage flags are needed for TSA server certificates.
87 keyUsage = nonRepudiation, digitalSignature
88 extendedKeyUsage = critical,timeStamping
89
90 # PKIX recommendations harmless if included in all certificates.
91 subjectKeyIdentifier=hash
92 authorityKeyIdentifier=keyid,issuer:always
93
94 [ non_tsa_cert ]
95
96 # This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
97 basicConstraints=CA:FALSE
98
99 # The following key usage flags are needed for TSA server certificates.
100 keyUsage = nonRepudiation, digitalSignature
101 # timeStamping is not supported by this certificate
102 # extendedKeyUsage = critical,timeStamping
103
104 # PKIX recommendations harmless if included in all certificates.
105 subjectKeyIdentifier=hash
106 authorityKeyIdentifier=keyid,issuer:always
107
108 [ v3_req ]
109
110 # Extensions to add to a certificate request
111 basicConstraints = CA:FALSE
112 keyUsage = nonRepudiation, digitalSignature
113
114 [ v3_ca ]
115
116 # Extensions for a typical CA
117
118 subjectKeyIdentifier=hash
119 authorityKeyIdentifier=keyid:always,issuer:always
120 basicConstraints = critical,CA:true
121 keyUsage = cRLSign, keyCertSign
122
123 #----------------------------------------------------------------------
124 [ tsa ]
125
126 default_tsa = tsa_config1       # the default TSA section
127
128 [ tsa_config1 ]
129
130 # These are used by the TSA reply generation only.
131 dir             = .                     # TSA root directory
132 serial          = $dir/tsa_serial       # The current serial number (mandatory)
133 signer_cert     = $dir/tsa_cert1.pem    # The TSA signing certificate
134                                         # (optional)
135 certs           = $dir/tsaca.pem        # Certificate chain to include in reply
136                                         # (optional)
137 signer_key      = $dir/tsa_key1.pem     # The TSA private key (optional)
138
139 default_policy  = tsa_policy1           # Policy if request did not specify it
140                                         # (optional)
141 other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
142 digests         = md5, sha1             # Acceptable message digests (mandatory)
143 accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
144 ordering                = yes   # Is ordering defined for timestamps?
145                                 # (optional, default: no)
146 tsa_name                = yes   # Must the TSA name be included in the reply?
147                                 # (optional, default: no)
148 ess_cert_id_chain       = yes   # Must the ESS cert id chain be included?
149                                 # (optional, default: no)
150
151 [ tsa_config2 ]
152
153 # This configuration uses a certificate which doesn't have timeStamping usage.
154 # These are used by the TSA reply generation only.
155 dir             = .                     # TSA root directory
156 serial          = $dir/tsa_serial       # The current serial number (mandatory)
157 signer_cert     = $dir/tsa_cert2.pem    # The TSA signing certificate
158                                         # (optional)
159 certs           = $dir/demoCA/cacert.pem# Certificate chain to include in reply
160                                         # (optional)
161 signer_key      = $dir/tsa_key2.pem     # The TSA private key (optional)
162
163 default_policy  = tsa_policy1           # Policy if request did not specify it
164                                         # (optional)
165 other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
166 digests         = md5, sha1             # Acceptable message digests (mandatory)