43 lines
1.4 KiB
INI
43 lines
1.4 KiB
INI
#
|
|
# openssl configuration file for OCSP certificates
|
|
#
|
|
|
|
# Extensions to add to a certificate request (intermediate1-ca)
|
|
[ v3_req1 ]
|
|
basicConstraints = CA:false
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22221
|
|
|
|
# Extensions to add to a certificate request (intermediate2-ca)
|
|
[ v3_req2 ]
|
|
basicConstraints = CA:false
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22222
|
|
|
|
# Extensions to add to a certificate request (intermediate3-ca)
|
|
[ v3_req3 ]
|
|
basicConstraints = CA:false
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22223
|
|
|
|
# Extensions for a typical CA
|
|
[ v3_ca ]
|
|
basicConstraints = CA:true
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
keyUsage = keyCertSign, cRLSign
|
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22220
|
|
|
|
# OCSP extensions.
|
|
[ v3_ocsp ]
|
|
basicConstraints = CA:false
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
extendedKeyUsage = OCSPSigning
|