From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <wk@koszkonutek-tmp.pl.eu.org>
Date: Fri, 30 Apr 2021 00:33:56 +0200
Subject: initial/final commit

---
 openssl-1.1.0h/test/smime-certs/ca.cnf | 66 ++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 openssl-1.1.0h/test/smime-certs/ca.cnf

(limited to 'openssl-1.1.0h/test/smime-certs/ca.cnf')

diff --git a/openssl-1.1.0h/test/smime-certs/ca.cnf b/openssl-1.1.0h/test/smime-certs/ca.cnf
new file mode 100644
index 0000000..835b2c6
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/ca.cnf
@@ -0,0 +1,66 @@
+#
+# OpenSSL example configuration file for automated certificate creation.
+#
+
+# This definition stops the following lines choking if HOME or CN
+# is undefined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+CN			= "Not Defined"
+default_ca		= ca
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+# Don't prompt for fields: use those in section directly
+prompt			= no
+distinguished_name	= req_distinguished_name
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= UK
+
+organizationName		= OpenSSL Group
+# Take CN from environment so it can come from a script.
+commonName			= $ENV::CN
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+
+[ dh_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# DH certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, keyAgreement
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+basicConstraints = critical,CA:true
+keyUsage = critical, cRLSign, keyCertSign
+
-- 
cgit v1.2.3