# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. scenario IPsec entity Root type Root entity CA1 type Intermediate issuer Root entity NoKU type EE issuer CA1 entity DigSig type EE issuer CA1 ku digitalSignature entity NonRep type EE issuer CA1 ku nonRepudiation entity DigSigNonRepAndExtra type EE issuer CA1 ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement entity NoMatch type EE issuer CA1 ku keyEncipherment,dataEncipherment,keyAgreement entity NonCriticalServerAuthEKU type EE issuer CA1 eku serverAuth entity NonIPSECEKU type EE issuer CA1 eku codeSigning entity CriticalServerAuthEKU type EE issuer CA1 ku digitalSignature eku critical,serverAuth entity EKUIPsecIKE type EE issuer CA1 ku digitalSignature eku critical,ipsecIKE entity EKUIPsecIKEEnd type EE issuer CA1 ku digitalSignature eku ipsecIKEEnd entity EKUIPsecIKEIntermediate type EE issuer CA1 ku digitalSignature eku codeSigning,serverAuth,ipsecIKEIntermediate entity EKUAny type EE issuer CA1 ku digitalSignature eku x509Any entity EKUEmail type EE issuer CA1 ku digitalSignature eku emailProtection entity EKUIPsecUser type EE issuer CA1 ku digitalSignature eku ipsecUser db All import Root::C,, import CA1:Root: verify NoKU:CA1 usage 12 result pass verify DigSig:CA1 usage 12 result pass verify NonRep:CA1 usage 12 result pass verify DigSigNonRepAndExtra:CA1 usage 12 result pass verify NoMatch:CA1 usage 12 result fail verify NonIPSECEKU:CA1 usage 12 result fail verify NonCriticalServerAuthEKU:CA1 usage 12 result pass verify CriticalServerAuthEKU:CA1 usage 12 result pass verify EKUIPsecIKE:CA1 usage 12 result pass verify EKUIPsecIKEEnd:CA1 usage 12 result pass verify EKUIPsecIKEIntermediate:CA1 usage 12 result pass verify EKUAny:CA1 usage 12 result pass verify EKUEmail:CA1 usage 12 result pass verify EKUIPsecUser:CA1 usage 12 result pass