43 lines
1.4 KiB
Plaintext
43 lines
1.4 KiB
Plaintext
|
#
|
||
|
# openssl configuration file for OCSP certificates
|
||
|
#
|
||
|
|
||
|
# Extensions to add to a certificate request (intermediate1-ca)
|
||
|
[ v3_req1 ]
|
||
|
basicConstraints = CA:false
|
||
|
subjectKeyIdentifier = hash
|
||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22221
|
||
|
|
||
|
# Extensions to add to a certificate request (intermediate2-ca)
|
||
|
[ v3_req2 ]
|
||
|
basicConstraints = CA:false
|
||
|
subjectKeyIdentifier = hash
|
||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22222
|
||
|
|
||
|
# Extensions to add to a certificate request (intermediate3-ca)
|
||
|
[ v3_req3 ]
|
||
|
basicConstraints = CA:false
|
||
|
subjectKeyIdentifier = hash
|
||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22223
|
||
|
|
||
|
# Extensions for a typical CA
|
||
|
[ v3_ca ]
|
||
|
basicConstraints = CA:true
|
||
|
subjectKeyIdentifier = hash
|
||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||
|
keyUsage = keyCertSign, cRLSign
|
||
|
authorityInfoAccess = OCSP;URI:http://127.0.0.1:22220
|
||
|
|
||
|
# OCSP extensions.
|
||
|
[ v3_ocsp ]
|
||
|
basicConstraints = CA:false
|
||
|
subjectKeyIdentifier = hash
|
||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||
|
extendedKeyUsage = OCSPSigning
|