1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
extensions = extension_section
x509_extensions = extension_section
[ req ]
default_bits = 1024
distinguished_name = req_dn
encrypt_rsa_key = yes
[ req_dn ]
#1.domainComponent = DNS domain Component
#1.domainComponent_default = "com"
#2.domainComponent = DNS domain Component
#2.domainComponent_default = "localhost"
countryName = ISO country code
countryName_default = "XX"
stateOrProvinceName = State/Province Name
stateOrProvinceName_default = ""
localityName = Location
localityName_default = ""
organizationName = Organization
organizationName_default = "Looser Org."
organizationalUnitName = Organizational Unit Name
organizationalUnitName_default = "bad CA!"
commonName = Common Name
commonName_default = "Root TestCA"
commonName_max = 64
[extension_section]
# Netscape cert extensions
nsCertType = sslCA,emailCA,objCA
nsComment = "This Root CA issues sub-CA certs of different policies and has no contact with end-entities."
nsCaPolicyUrl = "https://localhost/Root/policy.html"
nsCaRevocationUrl = "http://localhost/pyca/get-cert.py/Root/crl.crl"
# PKIX
basicConstraints=critical,CA:true
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
keyUsage = cRLSign,keyCertSign
extendedKeyUsage = nsSGC,msSGC
subjectAltName = URI:"http://localhost/pyca/get-cert.py/Root/ca.crt"
crlDistributionPoints = URI:"http://localhost/pyca/get-cert.py/Root/crl.crl"
#certificatePolicies=ia5org,@polsect
[ polsect ]
#policyIdentifier=1.2.3.4
#CPS="https://localhost/Root/policy.html"
#userNotice=@notice
[ notice ]
explicitText="This Root CA issues sub-CA certs of different policies and has no contact with end-entities."
organization="Looser Org. with bad CA admin."
noticeNumbers=4, 2
|
