From 7b63dbf4f7dc1cb41acc0ce3fa02642de9cd9d94 Mon Sep 17 00:00:00 2001 From: John White Date: Fri, 14 Jan 2005 11:02:47 +0000 Subject: [PATCH] Updated all configuration files for test certs and proxies. --- test/big-ca/ca_conf.cnf | 8 +++++++- test/big-ca/req_conf.cnf | 4 +++- test/big-ca/req_proxy_conf.cnf | 17 +++++++++++++++-- test/big-ca/req_proxy_proxy_conf.cnf | 2 +- test/expired-ca/ca_conf.cnf | 8 +++++++- test/expired-ca/req_conf.cnf | 4 +++- test/expired-ca/req_proxy_conf.cnf | 17 +++++++++++++++-- test/expired-ca/req_proxy_proxy_conf.cnf | 2 +- test/fake-ca/ca_conf.cnf | 8 +++++++- test/fake-ca/req_conf.cnf | 4 +++- test/fake-ca/req_proxy_conf.cnf | 17 +++++++++++++++-- test/fake-ca/req_proxy_proxy_conf.cnf | 2 +- test/trusted-ca/ca_conf.cnf | 8 +++++++- test/trusted-ca/req_conf.cnf | 4 +++- test/trusted-ca/req_proxy_conf.cnf | 17 +++++++++++++++-- test/trusted-ca/req_proxy_proxy_conf.cnf | 2 +- 16 files changed, 104 insertions(+), 20 deletions(-) diff --git a/test/big-ca/ca_conf.cnf b/test/big-ca/ca_conf.cnf index 6bafc6c..c9174e6 100644 --- a/test/big-ca/ca_conf.cnf +++ b/test/big-ca/ca_conf.cnf @@ -45,9 +45,15 @@ nsComment = "OpenSSL Generated Client Server Certificate" # and for everything including object signing: # nsCertType = client, email, objsign -[ ca_client_flags ] +[ ca_fclient ] # This is typical in keyUsage for a client certificate. keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ ca_none ] +nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ proxy_none ] +keyUsage=critical,digitalSignature,keyEncipherment diff --git a/test/big-ca/req_conf.cnf b/test/big-ca/req_conf.cnf index 28ea218..7c30db9 100644 --- a/test/big-ca/req_conf.cnf +++ b/test/big-ca/req_conf.cnf @@ -25,7 +25,9 @@ commonName = $ENV::CN [ req_attributes ] #challengePassword = $ENV::PASSWORD -[ CA_cert] +[ CA_cert ] basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_none ] diff --git a/test/big-ca/req_proxy_conf.cnf b/test/big-ca/req_proxy_conf.cnf index 54d9e4d..61a1812 100644 --- a/test/big-ca/req_proxy_conf.cnf +++ b/test/big-ca/req_proxy_conf.cnf @@ -1,13 +1,26 @@ +[ca] +default_ca = CA_default + +[CA_default] +dir = $ENV::CA_DIR +database = $dir/index.txt +serial = $dir/serial.txt + +certificate = $dir/$ENV::CATYPE.cert +private_key = $dir/$ENV::CATYPE.priv + [ req ] + default_bits = 1024 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = $ENV::PASSWORD -ca_cert = CA_cert +# ca_cert = CA_cert [ req_distinguished_name ] + countryName = UG #stateOrProvinceName = South area @@ -25,9 +38,9 @@ organizationalUnitName = Relaxation #emailAddress = Email Address [ req_attributes ] -#challengePassword = $ENV::PASSWORD [ CA_cert] + basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/big-ca/req_proxy_proxy_conf.cnf b/test/big-ca/req_proxy_proxy_conf.cnf index 5f2fe0a..f95b0ca 100644 --- a/test/big-ca/req_proxy_proxy_conf.cnf +++ b/test/big-ca/req_proxy_proxy_conf.cnf @@ -22,7 +22,7 @@ organizationalUnitName = Relaxation 1.commonName = $ENV::PROXYNAME -2.commonName = $ENV::PROXYPROXYNAME +2.commonName = $ENV::PROXYNAME #emailAddress = Email Address diff --git a/test/expired-ca/ca_conf.cnf b/test/expired-ca/ca_conf.cnf index 6bafc6c..c9174e6 100644 --- a/test/expired-ca/ca_conf.cnf +++ b/test/expired-ca/ca_conf.cnf @@ -45,9 +45,15 @@ nsComment = "OpenSSL Generated Client Server Certificate" # and for everything including object signing: # nsCertType = client, email, objsign -[ ca_client_flags ] +[ ca_fclient ] # This is typical in keyUsage for a client certificate. keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ ca_none ] +nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ proxy_none ] +keyUsage=critical,digitalSignature,keyEncipherment diff --git a/test/expired-ca/req_conf.cnf b/test/expired-ca/req_conf.cnf index 28ea218..7c30db9 100644 --- a/test/expired-ca/req_conf.cnf +++ b/test/expired-ca/req_conf.cnf @@ -25,7 +25,9 @@ commonName = $ENV::CN [ req_attributes ] #challengePassword = $ENV::PASSWORD -[ CA_cert] +[ CA_cert ] basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_none ] diff --git a/test/expired-ca/req_proxy_conf.cnf b/test/expired-ca/req_proxy_conf.cnf index 54d9e4d..61a1812 100644 --- a/test/expired-ca/req_proxy_conf.cnf +++ b/test/expired-ca/req_proxy_conf.cnf @@ -1,13 +1,26 @@ +[ca] +default_ca = CA_default + +[CA_default] +dir = $ENV::CA_DIR +database = $dir/index.txt +serial = $dir/serial.txt + +certificate = $dir/$ENV::CATYPE.cert +private_key = $dir/$ENV::CATYPE.priv + [ req ] + default_bits = 1024 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = $ENV::PASSWORD -ca_cert = CA_cert +# ca_cert = CA_cert [ req_distinguished_name ] + countryName = UG #stateOrProvinceName = South area @@ -25,9 +38,9 @@ organizationalUnitName = Relaxation #emailAddress = Email Address [ req_attributes ] -#challengePassword = $ENV::PASSWORD [ CA_cert] + basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/expired-ca/req_proxy_proxy_conf.cnf b/test/expired-ca/req_proxy_proxy_conf.cnf index 5f2fe0a..f95b0ca 100644 --- a/test/expired-ca/req_proxy_proxy_conf.cnf +++ b/test/expired-ca/req_proxy_proxy_conf.cnf @@ -22,7 +22,7 @@ organizationalUnitName = Relaxation 1.commonName = $ENV::PROXYNAME -2.commonName = $ENV::PROXYPROXYNAME +2.commonName = $ENV::PROXYNAME #emailAddress = Email Address diff --git a/test/fake-ca/ca_conf.cnf b/test/fake-ca/ca_conf.cnf index 6bafc6c..c9174e6 100644 --- a/test/fake-ca/ca_conf.cnf +++ b/test/fake-ca/ca_conf.cnf @@ -45,9 +45,15 @@ nsComment = "OpenSSL Generated Client Server Certificate" # and for everything including object signing: # nsCertType = client, email, objsign -[ ca_client_flags ] +[ ca_fclient ] # This is typical in keyUsage for a client certificate. keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ ca_none ] +nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ proxy_none ] +keyUsage=critical,digitalSignature,keyEncipherment diff --git a/test/fake-ca/req_conf.cnf b/test/fake-ca/req_conf.cnf index 28ea218..7c30db9 100644 --- a/test/fake-ca/req_conf.cnf +++ b/test/fake-ca/req_conf.cnf @@ -25,7 +25,9 @@ commonName = $ENV::CN [ req_attributes ] #challengePassword = $ENV::PASSWORD -[ CA_cert] +[ CA_cert ] basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_none ] diff --git a/test/fake-ca/req_proxy_conf.cnf b/test/fake-ca/req_proxy_conf.cnf index 54d9e4d..61a1812 100644 --- a/test/fake-ca/req_proxy_conf.cnf +++ b/test/fake-ca/req_proxy_conf.cnf @@ -1,13 +1,26 @@ +[ca] +default_ca = CA_default + +[CA_default] +dir = $ENV::CA_DIR +database = $dir/index.txt +serial = $dir/serial.txt + +certificate = $dir/$ENV::CATYPE.cert +private_key = $dir/$ENV::CATYPE.priv + [ req ] + default_bits = 1024 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = $ENV::PASSWORD -ca_cert = CA_cert +# ca_cert = CA_cert [ req_distinguished_name ] + countryName = UG #stateOrProvinceName = South area @@ -25,9 +38,9 @@ organizationalUnitName = Relaxation #emailAddress = Email Address [ req_attributes ] -#challengePassword = $ENV::PASSWORD [ CA_cert] + basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/fake-ca/req_proxy_proxy_conf.cnf b/test/fake-ca/req_proxy_proxy_conf.cnf index 5f2fe0a..f95b0ca 100644 --- a/test/fake-ca/req_proxy_proxy_conf.cnf +++ b/test/fake-ca/req_proxy_proxy_conf.cnf @@ -22,7 +22,7 @@ organizationalUnitName = Relaxation 1.commonName = $ENV::PROXYNAME -2.commonName = $ENV::PROXYPROXYNAME +2.commonName = $ENV::PROXYNAME #emailAddress = Email Address diff --git a/test/trusted-ca/ca_conf.cnf b/test/trusted-ca/ca_conf.cnf index 6bafc6c..c9174e6 100644 --- a/test/trusted-ca/ca_conf.cnf +++ b/test/trusted-ca/ca_conf.cnf @@ -45,9 +45,15 @@ nsComment = "OpenSSL Generated Client Server Certificate" # and for everything including object signing: # nsCertType = client, email, objsign -[ ca_client_flags ] +[ ca_fclient ] # This is typical in keyUsage for a client certificate. keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ ca_none ] +nsComment = "OpenSSL Generated Client Certificate with Flags" + +[ proxy_none ] +keyUsage=critical,digitalSignature,keyEncipherment diff --git a/test/trusted-ca/req_conf.cnf b/test/trusted-ca/req_conf.cnf index 28ea218..7c30db9 100644 --- a/test/trusted-ca/req_conf.cnf +++ b/test/trusted-ca/req_conf.cnf @@ -25,7 +25,9 @@ commonName = $ENV::CN [ req_attributes ] #challengePassword = $ENV::PASSWORD -[ CA_cert] +[ CA_cert ] basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_none ] diff --git a/test/trusted-ca/req_proxy_conf.cnf b/test/trusted-ca/req_proxy_conf.cnf index 54d9e4d..61a1812 100644 --- a/test/trusted-ca/req_proxy_conf.cnf +++ b/test/trusted-ca/req_proxy_conf.cnf @@ -1,13 +1,26 @@ +[ca] +default_ca = CA_default + +[CA_default] +dir = $ENV::CA_DIR +database = $dir/index.txt +serial = $dir/serial.txt + +certificate = $dir/$ENV::CATYPE.cert +private_key = $dir/$ENV::CATYPE.priv + [ req ] + default_bits = 1024 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = $ENV::PASSWORD -ca_cert = CA_cert +# ca_cert = CA_cert [ req_distinguished_name ] + countryName = UG #stateOrProvinceName = South area @@ -25,9 +38,9 @@ organizationalUnitName = Relaxation #emailAddress = Email Address [ req_attributes ] -#challengePassword = $ENV::PASSWORD [ CA_cert] + basicConstraints = CA:true subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/trusted-ca/req_proxy_proxy_conf.cnf b/test/trusted-ca/req_proxy_proxy_conf.cnf index 5f2fe0a..f95b0ca 100644 --- a/test/trusted-ca/req_proxy_proxy_conf.cnf +++ b/test/trusted-ca/req_proxy_proxy_conf.cnf @@ -22,7 +22,7 @@ organizationalUnitName = Relaxation 1.commonName = $ENV::PROXYNAME -2.commonName = $ENV::PROXYPROXYNAME +2.commonName = $ENV::PROXYNAME #emailAddress = Email Address -- 1.8.2.3