summaryrefslogtreecommitdiffstats
path: root/tests/certs/rootca.conf
blob: e59c006930d9e60002aebc96386057b1fd477501 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
[ ca ]
default_ca = myca

[ crl_ext ]
issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always

 [ myca ]
 dir = /home/rincewind/Programming/wget/tests/certs
 new_certs_dir = ./
 unique_subject = no
 certificate = $dir/test-ca-cert.pem
 database = certindex
 private_key = $dir/test-ca-key.pem
 serial = certserial
 default_days = 730
 default_md = sha1
 policy = myca_policy
 x509_extensions = myca_extensions
 crlnumber = crlnumber
 default_crl_days = 730

 [ myca_policy ]
 commonName = supplied
 stateOrProvinceName = supplied
 countryName = optional
 emailAddress = optional
 organizationName = supplied
 organizationalUnitName = optional

 [ myca_extensions ]
 basicConstraints = critical,CA:TRUE
 keyUsage = critical,any
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
 extendedKeyUsage = serverAuth
 crlDistributionPoints = @crl_section
 subjectAltName  = @alt_names
 authorityInfoAccess = @ocsp_section

 [ v3_ca ]
 basicConstraints = critical,CA:TRUE,pathlen:0
 keyUsage = critical,any
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
 extendedKeyUsage = serverAuth
 crlDistributionPoints = @crl_section
 subjectAltName  = @alt_names
 authorityInfoAccess = @ocsp_section

 [alt_names]
 DNS.0 = WgetTestingServer

 [crl_section]
 URI.0 = http://test.wgettest.org/Bogus.crl
 URI.1 = http://test.wgettest.org/Bogus.crl

 [ocsp_section]
 caIssuers;URI.0 = http://test.wgettest.com/Bogus.crt
 caIssuers;URI.1 = http://test.wgettest.com/Bogus.crt
 OCSP;URI.0 = http://test.wgettest.com/ocsp/
 OCSP;URI.1 = http://test.wgettest.com/ocsp/