# This config is used by the Time Stamp Authority tests.
#
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
+RANDFILE = ./.rnd
# Extra OBJECT IDENTIFIER info:
oid_section = new_oids
+TSDNSECT = ts_cert_dn
+INDEX = 1
+
[ new_oids ]
# Policies used by the TSA tests.
RANDFILE = $dir/private/.rand # private random number file
default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
+default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_match
#----------------------------------------------------------------------
[ req ]
-default_bits = 1024
+default_bits = 2048
default_md = sha1
-distinguished_name = req_distinguished_name
+distinguished_name = $ENV::TSDNSECT
encrypt_rsa_key = no
+prompt = no
# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
+x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = nombstr
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = HU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default =
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
+[ ts_ca_dn ]
+countryName = HU
+stateOrProvinceName = Budapest
+localityName = Budapest
+organizationName = Gov-CA Ltd.
+commonName = ca1
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
+[ ts_cert_dn ]
+countryName = HU
+stateOrProvinceName = Budapest
+localityName = Buda
+organizationName = Hun-TSA Ltd.
+commonName = tsa$ENV::INDEX
[ tsa_cert ]
serial = $dir/tsa_serial # The current serial number (mandatory)
signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
# (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
+certs = $dir/tsaca.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
+signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
# (optional, default: no)
ess_cert_id_chain = yes # Must the ESS cert id chain be included?
# (optional, default: no)
+ess_cert_id_alg = sha256 # algorithm to compute certificate
+ # identifier (optional, default: sha1)
[ tsa_config2 ]
certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
# (optional)
signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
+signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)