diff options
Diffstat (limited to 'selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com')
9 files changed, 489 insertions, 0 deletions
diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer Binary files differnew file mode 100644 index 0000000..918ddc1 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem new file mode 100644 index 0000000..2d0735a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:01 2020 GMT + Not After : Feb 23 13:31:01 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:0e:b0:1d:53:4f:3c:0f:f8:90:d6:33:64:68: + 7e:ed:7c:46:96:c6:77:9c:0a:07:ed:8c:13:da:e7: + bb:b3:79:63:4b:ec:5a:2a:59:57:7c:38:69:50:c0: + a1:b4:ba:f8:1d:56:78:77:95:b3:44:13:12:83:df: + 20:95:12:01:e5:1e:1a:5b:38:69:48:86:e8:a6:0a: + 32:f4:38:36:f8:84:bd:5b:a9:70:48:c5:49:25:79: + 70:98:23:a7:58:3e:09:97:6d:67:b1:95:fa:08:86: + 2d:d6:b7:c5:d2:06:aa:5b:b8:f5:93:e6:c5:20:9a: + 9b:0c:90:2b:c7:2e:20:2f:e8:07:45:03:f3:4d:2c: + d9:eb:9c:91:d2:68:cc:fe:57:78:5c:2e:57:5b:a6: + 0e:10:6a:b8:05:ce:ab:12:31:49:e8:34:7c:3f:91: + 63:ce:3e:a6:ff:c0:7b:1b:95:b7:9b:99:a9:c7:ec: + d6:45:b7:9e:24:ee:c0:2b:a3:4c:a2:f9:04:5b:18: + 2f:0e:8b:2b:16:89:5d:cc:92:fa:49:dd:09:92:72: + 14:ba:8f:48:bd:6e:9b:88:14:98:6f:bc:0c:e3:bb: + a9:d1:0a:a8:93:6b:75:70:98:f9:a8:d8:0f:c5:e6: + a9:a4:e5:b3:72:81:76:07:73:c9:3e:d2:43:62:fe: + 1a:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@addom2.samba.example.com + X509v3 Subject Key Identifier: + 54:FB:DA:B4:F9:26:58:9A:8F:C2:D2:0A:95:B0:95:F6:D2:F6:1B:AE + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + a3:8d:f9:4e:77:ba:67:28:63:6e:3e:70:91:64:3f:51:b3:69: + ab:ff:10:04:e4:39:d1:98:bf:7e:c7:da:d3:4e:d5:29:f7:ae: + ca:e2:b1:f7:ea:67:38:7e:bb:a8:55:33:c1:de:79:6a:49:56: + 6a:48:8c:3b:43:8b:03:f4:30:11:ac:ee:88:28:ed:11:6c:37: + 33:13:7f:25:aa:d6:71:99:d2:f8:fb:4f:7a:44:c7:20:78:b2: + 22:44:17:d8:56:10:a2:4c:48:1c:3a:ad:bf:82:d7:e5:e0:66: + e9:ac:a1:11:23:b3:f8:f7:a7:84:5f:b7:d2:30:89:b7:bc:3f: + 9c:61:d8:12:bb:a4:fe:af:53:f9:f7:26:8e:be:9a:79:53:47: + b6:2b:d3:31:60:e1:39:11:11:c3:32:b8:32:d2:e2:6d:8a:05: + ae:f5:7e:f7:03:33:1c:6c:07:8e:81:a4:26:f2:0d:22:af:fe: + 48:12:48:a8:09:e2:98:4e:b9:c5:07:16:5d:a3:b2:73:7c:4c: + a7:3e:24:e9:d8:cc:72:a3:87:dd:c7:69:8d:58:dd:2e:27:69: + 72:b4:fb:62:cf:66:c4:7a:8b:8b:c4:03:16:b6:9d:7f:7b:f5: + 44:c2:04:a7:17:80:9c:f7:32:ba:3a:05:e1:71:28:16:88:6a: + 9c:f8:0e:5e:c9:0b:81:eb:2c:05:3c:4c:ff:ba:72:10:da:99: + 95:e1:ef:d2:dd:95:7d:d0:24:f6:8f:e0:1c:75:25:64:80:0e: + 16:9f:c1:d7:76:7e:45:85:27:a8:85:80:c3:62:40:58:1b:75: + c3:8e:40:0c:d9:f1:5b:a0:6b:1e:47:99:4f:00:11:68:19:93: + 77:4b:1b:56:94:79:95:f6:b8:92:49:14:e0:8f:2b:40:4c:82: + 4c:5b:a0:e2:0f:d4:f3:d1:3c:f3:e6:4c:c4:3d:2a:4c:e8:ca: + 10:c0:39:81:64:db:68:80:12:07:3f:92:7c:e0:09:aa:42:77: + 51:1e:ee:ad:33:c8:8f:f4:f2:35:2b:c7:b7:57:7c:2e:c8:27: + 71:c8:5b:1a:f2:83:fa:4f:85:13:ea:ce:0b:2f:b7:76:86:77: + 00:82:46:2f:bf:1c:b2:de:5d:52:40:64:41:54:0b:9f:8c:84: + d9:dd:08:02:51:d0:06:d0:07:6f:a1:ef:74:f4:d9:f5:30:9c: + 15:c3:d6:89:b7:f5:81:5a:c0:44:3d:99:54:e8:25:56:1f:63: + be:5c:f7:be:f1:9c:24:e0:55:46:c4:a5:7e:3f:82:20:b9:4a: + d6:14:82:45:14:d8:91:75:33:c5:df:86:9c:19:17:a4:31:4a: + 37:a2:9e:b9:11:84:ab:df:bc:21:2b:9b:96:83:b7:1b:13:78: + 07:b2:c5:5f:97:48:3b:7e:43:10:34:68:e8:25:bd:51:a0:ae: + 17:52:62:47:3c:c9:f0:b5:55:95:cd:68:d3:5f:aa:85:be:ea: + fb:2a:8a:e4:50:3d:96:5b:b3:a9:e5:45:e4:2d:da:da:8d:f0: + ae:c0:98:47:8e:ca:46:c2:21:68:a6:f9:17:41:a2:c6:21:b9: + bc:73:a7:c3:84:a9:31:b7:54:04:33:2a:fb:57:32:47:93:e1: + b2:ff:58:5b:f3:19:66:bc:65:8e:00:29:9d:56:60:7d:28:b2: + 6d:a5:a9:eb:04:7c:d3:e7:d7:af:2d:fe:df:1e:9c:3b:a9:bb: + a0:14:e4:02:7f:e6:e7:0a:b2:37:bd:fd:67:32:82:4f:c0:41: + 89:96:9a:f2:9a:04:eb:82:ee:81:8a:00:15:5e:b2:d0:e1:72: + 74:47:2f:97:fb:33:f1:8c:b9:25:8f:02:71:75:b7:21:10:74: + 4f:5f:5f:61:51:4a:69:d1:03:6b:7a:51:e4:08:03:1f:c2:a7: + 2c:c2:10:b8:27:9f:aa:01:15:61:71:72:d6:ca:23:7f:d7:60: + b8:65:51:ca:65:8e:ef:74:2e:fc:89:23:0b:55:b5:83:d7:0b: + 8c:16:ab:1a:be:3a:79:62:b3:6e:64:d1:c2:48:af:81:0e:d4: + 1f:2e:2f:c7:47:16:79:a9:b9:cc:08:29:2e:da:d5:75:96:53: + b1:be:2c:5a:5a:9c:6b:40:16:e5:92:63:49:64:99:44:c1:bc: + 2a:40:fc:3c:50:c3:dd:07:31:ee:1d:46:38:1b:c8:12:a0:16: + 9d:1c:f6:0e:a7:66:8a:b0:2f:11:19:03:1d:66:6f:fe:cc:3a: + 6c:99:ce:60:b7:f1:e9:56:40:4d:fc:ac:eb:a5:04:de:85:7c: + 19:c7:16:c1:e1:26:43:03:da:f3:50:25:16:99:e0:fa:cd:59: + c7:8b:52:cf:fc:20:d0:68:50:b9:83:36:bb:44:7b:1f:92:5f: + f6:19:5b:91:de:33:2c:f9:80:25:b9:30:4c:fa:92:5b:6d:c2: + 65:10:98:1c:c6:61:51:9e:d0:c9:49:1b:c5:c5:8a:89:72:d0: + b7:ff:db:03:f9:95:f2:a0:de:d9:dc:32:c6:20:02:e1:7c:89: + 2d:6e:72:12:12:c3:97:56:eb:7c:58:88:1f:9d:ad:4c:b4:6a: + 97:4b:0c:87:f3:41:bb:2a:ff:a6:bf:90:70:91:9b:b7:b1:e1: + cc:0f:c6:33:a5:05:03:db:f9:fb:79:5c:20:78:f9:1c:88:d4: + 84:bd:2f:9b:12:30:02:36:cd:8a:f3:42:4a:9c:dc:c3 +-----BEGIN CERTIFICATE----- +MIIJIDCCBQigAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMDFaFw00MDAyMjMxMzMxMDFaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxLzAtBgNVBAMMJmFkbWluaXN0cmF0b3JAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AOsOsB1TTzwP+JDWM2Rofu18RpbGd5wKB+2ME9rnu7N5Y0vsWipZV3w4aVDAobS6 ++B1WeHeVs0QTEoPfIJUSAeUeGls4aUiG6KYKMvQ4NviEvVupcEjFSSV5cJgjp1g+ +CZdtZ7GV+giGLda3xdIGqlu49ZPmxSCamwyQK8cuIC/oB0UD800s2euckdJozP5X +eFwuV1umDhBquAXOqxIxSeg0fD+RY84+pv/AexuVt5uZqcfs1kW3niTuwCujTKL5 +BFsYLw6LKxaJXcyS+kndCZJyFLqPSL1um4gUmG+8DOO7qdEKqJNrdXCY+ajYD8Xm +qaTls3KBdgdzyT7SQ2L+GjsCAwEAAaOCAiYwggIiMAkGA1UdEwQCMAAwTwYDVR0f +BEgwRjBEoEKgQIY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NB +LXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwEQYJYIZIAYb4QgEBBAQDAgWgMAsG +A1UdDwQEAwIF4DBWBglghkgBhvhCAQ0ESRZHU21hcnQgQ2FyZCBMb2dpbiBDZXJ0 +aWZpY2F0ZSBmb3IgYWRtaW5pc3RyYXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFFT72rT5Jliaj8LSCpWwlfbS9huuMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MGkGA1UdEQRiMGCBJmFkbWluaXN0cmF0b3JAYWRk +b20yLnNhbWJhLmV4YW1wbGUuY29toDYGCisGAQQBgjcUAgOgKAwmYWRtaW5pc3Ry +YXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wMQYDVR0SBCowKIEmY2Etc2Ft +YmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wTQYJYIZIAYb4QgEEBEAW +Pmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFt +cGxlLmNvbS1jcmwuY3JsMB8GA1UdJQQYMBYGCCsGAQUFBwMCBgorBgEEAYI3FAIC +MA0GCSqGSIb3DQEBCwUAA4IEAQCjjflOd7pnKGNuPnCRZD9Rs2mr/xAE5DnRmL9+ +x9rTTtUp967K4rH36mc4fruoVTPB3nlqSVZqSIw7Q4sD9DARrO6IKO0RbDczE38l +qtZxmdL4+096RMcgeLIiRBfYVhCiTEgcOq2/gtfl4GbprKERI7P496eEX7fSMIm3 +vD+cYdgSu6T+r1P59yaOvpp5U0e2K9MxYOE5ERHDMrgy0uJtigWu9X73AzMcbAeO +gaQm8g0ir/5IEkioCeKYTrnFBxZdo7JzfEynPiTp2Mxyo4fdx2mNWN0uJ2lytPti +z2bEeouLxAMWtp1/e/VEwgSnF4Cc9zK6OgXhcSgWiGqc+A5eyQuB6ywFPEz/unIQ +2pmV4e/S3ZV90CT2j+AcdSVkgA4Wn8HXdn5FhSeohYDDYkBYG3XDjkAM2fFboGse +R5lPABFoGZN3SxtWlHmV9riSSRTgjytATIJMW6DiD9Tz0Tzz5kzEPSpM6MoQwDmB +ZNtogBIHP5J84AmqQndRHu6tM8iP9PI1K8e3V3wuyCdxyFsa8oP6T4UT6s4LL7d2 +hncAgkYvvxyy3l1SQGRBVAufjITZ3QgCUdAG0Advoe909Nn1MJwVw9aJt/WBWsBE +PZlU6CVWH2O+XPe+8Zwk4FVGxKV+P4IguUrWFIJFFNiRdTPF34acGRekMUo3op65 +EYSr37whK5uWg7cbE3gHssVfl0g7fkMQNGjoJb1RoK4XUmJHPMnwtVWVzWjTX6qF +vur7KorkUD2WW7Op5UXkLdrajfCuwJhHjspGwiFopvkXQaLGIbm8c6fDhKkxt1QE +Myr7VzJHk+Gy/1hb8xlmvGWOACmdVmB9KLJtpanrBHzT59evLf7fHpw7qbugFOQC +f+bnCrI3vf1nMoJPwEGJlprymgTrgu6BigAVXrLQ4XJ0Ry+X+zPxjLkljwJxdbch +EHRPX19hUUpp0QNrelHkCAMfwqcswhC4J5+qARVhcXLWyiN/12C4ZVHKZY7vdC78 +iSMLVbWD1wuMFqsavjp5YrNuZNHCSK+BDtQfLi/HRxZ5qbnMCCku2tV1llOxvixa +WpxrQBblkmNJZJlEwbwqQPw8UMPdBzHuHUY4G8gSoBadHPYOp2aKsC8RGQMdZm/+ +zDpsmc5gt/HpVkBN/KzrpQTehXwZxxbB4SZDA9rzUCUWmeD6zVnHi1LP/CDQaFC5 +gza7RHsfkl/2GVuR3jMs+YAluTBM+pJbbcJlEJgcxmFRntDJSRvFxYqJctC3/9sD ++ZXyoN7Z3DLGIALhfIktbnISEsOXVut8WIgfna1MtGqXSwyH80G7Kv+mv5BwkZu3 +seHMD8YzpQUD2/n7eVwgePkciNSEvS+bEjACNs2K80JKnNzD +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem new file mode 100644 index 0000000..a02f6ed --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaygDRmw72ICAggA +MBQGCCqGSIb3DQMHBAgu9NwWonUgGwSCBMjCCAaRQSglNmeXddY1GpRd9s7mCp0a +vUHtfHk4qSiPpw/qURTJfeMtZU0XTFeMd9ZSIDIuV9CVUPaaCqASlUwbmJRaGPdS +1O3xP+0V3VaB3k1c6rCdpERXf/moNSwEnnL2i6twOkW7I9+N7jIqFpeh8RHG1iEJ +ys8jm6ojtvGRQpF0aT5eboydb5f4d3vq59HXvm/h55LlzC5uao7Kuk03oU5uUeZm +CDWBwHkgBvsbD/fVaIjHrdMqsCeXQ7AMd8caJsm3GZqorCw/IzrVWXRz30Ianv/u +WzajtVtYBA69gRHPiiZ9jHbf7DR2TDRA8azpCWFpBBcp37je5RkigBAsZQDhLuN0 +oe9rk/RkIEYEhteSFnkr6AaG/44ln3EEEM3QUKuGQMi5yTQ1qHXcqHRaivR6mO9A +IOTxQ2dFdz+lbZwqas6TIEVarm1uBbeJUWtC3XRd1T1zOKmBHShUcOAyPC01Tbwc +qjFDlx1DC3c+mCNHrBgKZ71KDld6GGOPjIbAuEn6Clvo618bFlofgRa9qHTJ08KG +dxNpjpVkRCBmanTrZj5V0DFW2iEpNCoAi/eCirm82hvet4zofoS46wdoN2DBabCy +WqqrP6VHq1YRC8K6z9jimhoNmamuVYsLDBr6uDcNqX8dkgMU/AGZH0iefuJgN9iZ +sDaOU9RLTdFOlUGJ1VD5+VJVaikTQacEfsmgfz+sh8hshXGU5y1yHLC3wzXZ0ESc +ZStyFbI/a+Loul7eTulnAnDLkmHJIBXQZ/ARiY1G07iydHGLY0NZjPfPEJ42d2aM +C3DBN6AvZvZx9dAFMVLxIIfsdSiHRfiDLARO5N/frkSp8+5TFswBNLcz+1J/mVdw +VGubugfKyqJLYPhCNhk46c77Fj/OaCOOaJZBW7hmyUZY67p/K/XUFK0zsrrnGRp8 +igPM8KEOHsdcZsgDXI1gXOc33lBcOa0u9gIT7Ec8TtBo/5sqOBdPKuYniOKiO9Oy +dPeyPUqIikzgp5n/SbdHA5V35hvE1Nf8RwiR1xrFkeHOnLHlmDXNOuw/oKr2P6jw +KsvooGxZT4yT8g8D58jVs2yIn/dFjfk380hxB7aMaxyYf+4MjCYT/zYnP2/bEdcz +/k86GfmHUqT322n6SiHw4QH1blJRkOPNUehMBt3Sr5G1Mq0cCWsFuaBfmy3CcCqW +jx7DSYLaHRZxnELFceXWrJe8qCyLoFKETIMKw8g6lsvKMmAePD6DN284tJPxzXs9 +1FfRTeDgpBsbx19/vv5CgIzvcUqcFkGHHtlo2LYYYLYzflWcYtdYrfsHeNGjjk6Z +SfQcHDuQ4NeS8cgt8AyOyj5pWaD4Xiz0anrM1sry1NT82aQzEU+bIiMSnBxHGVhX +1hHDR4JATfbU7PDGpy648MIN6Ox7cHW+maRLH/MyLtavnrkFSnvf6aFt58IfKga3 +GwsCzUoXWLdSEicGPPcgW0+S9NL/C8xu67n//oijIe/9eHuw9R9J7u6hhjmWTk/S +Osq7ilvRc6ueKkFjysR+HBtQgfwXoTHXb2X5tpCBUKVJkOlin6JJW0CIfdeBKgjQ +R4hEhQ4aXHCG+IZ29IAXRvAPyrdw5Zv7lBZl5hKXk+KKMshAkR0nLBkiRJw45fR5 +SJk= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf new file mode 100644 index 0000000..35a120e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = administrator@addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = administrator@addom2.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for administrator@addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:administrator@addom2.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem new file mode 100644 index 0000000..bfd9bf6 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6w6wHVNPPA/4kNYzZGh+7XxGlsZ3nAoH7YwT2ue7s3ljS+xa +KllXfDhpUMChtLr4HVZ4d5WzRBMSg98glRIB5R4aWzhpSIbopgoy9Dg2+IS9W6lw +SMVJJXlwmCOnWD4Jl21nsZX6CIYt1rfF0gaqW7j1k+bFIJqbDJArxy4gL+gHRQPz +TSzZ65yR0mjM/ld4XC5XW6YOEGq4Bc6rEjFJ6DR8P5Fjzj6m/8B7G5W3m5mpx+zW +RbeeJO7AK6NMovkEWxgvDosrFoldzJL6Sd0JknIUuo9IvW6biBSYb7wM47up0Qqo +k2t1cJj5qNgPxeappOWzcoF2B3PJPtJDYv4aOwIDAQABAoIBAGEgSJVVf0AKOWNf +nwy2QPxQhbp3d6T6YBw/7VRevKiEWAtfNkKZeBTUGnBLqIXNXAiDWnPPX6uZVeU3 +pXbzYeUSc0GOJbLaS/eP704KjGxULQpbERKAsqDRdTzoPpWvzLbNdjNjDVXIW9iF +RzBpoKsV2iOrD3lRaQ/f4rcC0Dn6k3ViM14twahAZI9TU/LcUQhmjI4xkmEOZtxi +yocK+aibj4NYiOPfDFOVmNUJnKzsBiMFH++1YlzC1BlWL+ILwA/paBxGMz7/dMPO +3kHJttV9IAZ9EoxDCRxREXOFjKEIdo/mVAIoh+IlELo9z5SDsgL/5ny/8+X3+cK+ +a9BCQcECgYEA/NHSgTC/Bf/REb+nqYhF2QLe0EUIbJAaVy9QZEkWouwdjpV4GFZ+ +cnDYP2V2NP0D3jrWr9Nfhr3vb2liraFZaMcHLJ11Ke+vUEsSLut5qTpp+L66OhDO +m7kHk1ilH2Y5GbgfV4w7QgWKXymk+OT+1G5M22Ssc79vGo+qfd/A+oUCgYEA7gOq +EJ+Ok4FKqSRNGDW1BGspqr1khsefow+6VdFyX7WhejDxUsMTnvENx0udt39ExNRM +C3o8Fu2kLQXq7F8QpryWy3t2gpPOS31ihhZkDRXR6F8VVMTF6eIDSPXl/r8usgz/ +2a7P6Etl2c3KZz+2PCeuKCzuCRuDNc4pONuDvb8CgYA70xrQ30wUi1hZrtRp1YlR +tNAs0GkR53eUMeoAERt+KglEeDIW8ECzq+g/+C5kk4qax6mNqaLtK3zBDFsBYzDZ +Dl+wOwJCjikaAummmKoNVXlGFzvSCbAaQUp9n3hTWckhQOSJvvE2ykDYC+6xxt5W +PlOJhuUX7rDHxD8/0fbEUQKBgQChZDyyTu8n2DjfHm1kaC6Zk2zKiOgceEooEKci +QAaVHZ0kNQG+Q+cPFJdqNzz3y0W/TdFOyxDp3zQ/D08v/npVBXYe/lXqzvzItXnU +QGSRduVB8w+Mzm0BXa8qjwroxYyNUUE/w0jZVB75JJEFl+8jNSjjtyulY1GCb4wG +MNtREwKBgCxPG7IYC5YTubvUE6AH9ZVm1e1QxEKF8v8YYlVwLTlmZQYVBNEQw0+M +WPScm27j3qUJG7AHG9R+nSSj3A9IeUY0trD5KCMTNuQQcXK1e0kdOlR2uGd2YUL5 +hZ9g7PjNolIpCV5Ifi6Lb8JbAOyvbcgEljGse9hN1gppmbnNndU1 +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 Binary files differnew file mode 100644 index 0000000..8c5f769 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem new file mode 100644 index 0000000..db7f078 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDDzCCAfcCAQAwgckxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMS8wLQYDVQQDDCZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmYWRtaW5pc3RyYXRvckBh +ZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDrDrAdU088D/iQ1jNkaH7tfEaWxnecCgftjBPa57uzeWNL7FoqWVd8 +OGlQwKG0uvgdVnh3lbNEExKD3yCVEgHlHhpbOGlIhuimCjL0ODb4hL1bqXBIxUkl +eXCYI6dYPgmXbWexlfoIhi3Wt8XSBqpbuPWT5sUgmpsMkCvHLiAv6AdFA/NNLNnr +nJHSaMz+V3hcLldbpg4QargFzqsSMUnoNHw/kWPOPqb/wHsblbebmanH7NZFt54k +7sAro0yi+QRbGC8OiysWiV3MkvpJ3QmSchS6j0i9bpuIFJhvvAzju6nRCqiTa3Vw +mPmo2A/F5qmk5bNygXYHc8k+0kNi/ho7AgMBAAGgADANBgkqhkiG9w0BAQsFAAOC +AQEAJndP6nZGzsmKplQ/4elWObJD5ye2mN64G9+Tcd+A1Y1j9XpizETi+IrikScJ +T1BDqUhCVT5fjCy3qgKBD5zeHmakZltcRki8HJT7eWWZFXhEB+buQ9KBgrrS/dX+ +6wflVgrSfe3x+506Dx6y8UDWDVy2P1r/X64uqcxOLUdrG+p8T8OYalNYcO5qQ4Dn +b5ei4bIAeE9UebUvPxfdN5UT/S/fL33fVCr8OTT60/QL4ez0KjFCLeeEv94qVaqW +Hxe9ykS7S446RhANWvH6VAeSY2Bhm+WPu9urtRe4m8qR6JC27cOAubHID9szA0ID +eHTbyblfQdALQ08lUDpNuJDVCQ== +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem new file mode 120000 index 0000000..0e23e5b --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-administrator@addom2.samba.example.com-S07-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem new file mode 120000 index 0000000..5a874f3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-administrator@addom2.samba.example.com-S07-private-key.pem
\ No newline at end of file |