fragattacks/tests/hwsim/auth_serv/openssl2.cnf
Jouni Malinen 82f2e3ddce tests: Move from 1024 bit private keys to 2048 bit keys
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 18:21:13 +03:00

148 lines
2.9 KiB
INI

HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./test-ca
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
x509_extensions = usr_cert
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days= 30
default_md = default
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FI
countryName_min = 2
countryName_max = 2
localityName = Locality Name (eg, city)
localityName_default = Tuusula
0.organizationName = Organization Name (eg, company)
0.organizationName_default = w1.fi
commonName = Common Name (e.g. server FQDN or YOUR name)
#@CN@
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
##0.subjectAltName = dNSName:server.w1.fi
[ req_attributes ]
[ usr_cert ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName=DNS:example.com,DNS:another.example.com
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always
[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning
[ ext_client ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
#@ALTNAME@
extendedKeyUsage = clientAuth
[ ext_server ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
#@ALTNAME@
#@CERTPOL@
extendedKeyUsage = serverAuth
[ ext_client_server ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
#@ALTNAME@
extendedKeyUsage = clientAuth, serverAuth