diff options
Diffstat (limited to 'selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com')
9 files changed, 488 insertions, 0 deletions
diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.cer Binary files differnew file mode 100644 index 0000000..85773b0 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.pem new file mode 100644 index 0000000..997dfd3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.pem @@ -0,0 +1,168 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Jun 3 19:30:47 2016 GMT + Not After : May 29 19:30:47 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b3:a4:e8:bd:c8:4f:6a:71:c6:15:a8:dd:00:d6: + 61:74:00:e4:8f:b5:c4:0e:98:d9:51:aa:aa:4f:c7: + 8c:f9:6c:37:5c:60:55:da:7c:55:9c:d3:cd:e2:f1: + ed:51:39:25:d5:fa:69:7e:a7:67:9c:a9:61:1b:5c: + 73:50:d0:6f:ba:ce:3a:df:fe:ae:95:95:8e:97:ab: + c6:bb:6a:c3:60:0b:ca:c2:9c:31:ff:c6:2f:52:bb: + cb:2f:f6:2c:4d:be:20:e1:16:49:d3:22:36:66:4f: + 5c:c4:30:12:07:34:8b:00:4e:5b:51:7d:40:35:81: + dc:5c:0e:af:be:78:63:80:69:67:87:53:97:d0:3f: + d7:66:8d:26:8a:0a:24:95:f9:db:dd:93:0e:48:54: + c8:30:e4:77:0d:65:ef:a4:6a:de:29:91:77:97:40: + 5c:2e:ed:35:5e:b9:0f:37:ad:d9:70:76:99:77:45: + 8c:4a:65:63:13:72:d5:c4:53:37:57:85:0a:6d:74: + 30:8c:69:7f:83:f0:7f:f5:67:05:79:80:27:d4:38: + 6d:49:2f:8d:2a:97:2e:33:1f:d0:e0:c1:76:1b:bf: + bf:b1:75:8a:c9:b1:3f:3f:f2:4e:c5:b0:68:5e:76: + 8a:7e:9c:57:b2:ec:3d:18:83:e2:65:d5:30:5e:b5: + f4:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom.samba.example.com + X509v3 Subject Key Identifier: + 3E:81:65:A1:E3:7E:18:BE:80:FE:15:93:CC:20:15:FD:08:D4:A4:3D + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 7b:47:4c:55:7c:77:8b:8f:ca:23:3e:51:6a:51:c1:49:44:0d: + 72:56:27:79:f7:54:48:ef:74:37:5e:2a:33:68:dc:04:8a:de: + b2:8e:7b:26:6f:67:f5:bc:0a:e1:ec:74:12:86:5a:6b:56:7d: + 75:24:d0:df:c7:1e:c4:28:e8:a5:c0:e5:3a:a0:74:f8:95:70: + 61:44:a1:9c:e3:54:d8:cf:1b:e2:2f:35:d3:ca:1a:5f:07:e9: + ce:fe:79:e1:20:ac:9e:94:74:a5:80:2e:38:75:bc:bc:d7:2d: + e0:54:c1:17:9a:8e:07:42:7e:5f:2e:17:93:63:ab:ae:ed:c6: + 29:0f:91:c8:8a:99:ad:21:5b:52:a7:dd:0c:2f:32:dc:0d:36: + 9c:98:02:aa:eb:8f:2d:3a:86:1a:cf:f8:f5:da:0b:70:7e:14: + 9c:79:bc:8a:6c:c7:06:8d:3e:3b:26:2a:50:a1:05:ca:47:79: + d1:ba:55:06:cd:d2:3a:10:27:8d:cb:ee:b4:f7:90:ff:f2:fb: + 67:f0:73:0b:4f:51:5e:0b:8d:e4:94:cb:da:56:2d:18:91:b8: + 51:0f:ee:48:99:cc:ae:8b:6b:ac:d8:38:1e:5e:5e:d9:1a:29: + 52:04:52:49:49:30:60:3b:fa:4e:c9:0c:a0:67:20:e1:4a:9f: + 84:44:c8:ca:35:d5:28:a6:06:7e:dc:c3:81:8d:40:12:3d:ae: + 0d:51:42:5a:16:92:78:2e:70:0b:ba:7f:8e:52:b7:2e:a8:f1: + 72:32:ba:6f:30:92:1e:40:0f:bf:09:14:5b:63:c6:1d:b3:ac: + eb:e7:69:f0:1b:3c:b8:4a:ec:a2:22:e2:58:ad:ef:22:77:9c: + e2:51:ec:38:bf:47:d8:1e:43:77:61:3d:60:54:c7:ba:6a:be: + 87:ea:f7:9e:46:74:90:70:c3:d9:74:21:be:90:78:12:2f:30: + d2:56:3b:9a:24:27:17:1b:d0:8c:49:e7:65:a8:d2:d9:0f:f8: + e9:5e:51:8c:97:cf:90:37:e5:ad:dc:88:ac:c1:54:57:7a:9a: + f4:5a:80:25:85:7c:d0:b7:17:03:8c:b3:43:20:59:c7:f3:68: + 72:f5:53:75:df:a0:00:12:f0:28:d5:dc:70:ec:9e:c2:33:bd: + 73:e9:8c:62:b8:2f:0d:55:a3:3d:d2:21:59:4f:3a:d7:50:aa: + 43:72:25:05:a0:2f:e0:f1:79:59:2a:57:e6:b9:91:21:b9:9f: + 07:f9:49:fc:d7:97:f7:be:a7:81:69:ac:6c:9a:7c:25:5e:6b: + 48:37:90:89:ac:37:02:b5:be:41:01:56:93:71:f4:e9:75:3c: + aa:0a:9b:d6:a3:09:64:51:30:d7:2c:1a:dd:bc:83:2e:45:b5: + 90:a5:ad:16:ba:18:56:1c:88:73:b5:ee:77:6d:65:3e:11:dc: + 36:45:6a:08:99:5d:24:86:93:da:45:95:2a:de:80:96:2e:db: + d7:87:b3:f1:70:3c:b5:56:eb:ca:62:dc:3c:49:84:3c:f8:6d: + d9:44:e0:81:33:5e:f7:22:27:8b:09:05:12:a6:c1:79:56:c7: + 7f:e2:80:d6:ab:4d:e5:1a:ff:ae:9a:fd:3b:7b:aa:15:ca:10: + c2:6a:98:c4:70:63:6e:7d:94:8e:87:0a:24:bd:b1:59:85:67: + 5b:e8:2e:ff:d7:43:8c:46:06:1a:a8:ba:72:e7:0d:ef:5f:6c: + 2d:5c:14:56:ad:5d:56:a5:21:09:7b:16:44:4a:74:9d:1a:03: + aa:1a:41:29:e5:78:e4:7c:9e:53:18:61:d8:5a:d1:e8:a8:0e: + f4:d3:40:d6:6b:cd:c9:e4:a3:3d:51:54:c3:d6:09:4c:48:9e: + 34:2a:23:ad:83:ab:9a:99:c2:bf:7b:85:98:d7:b6:21:fc:c4: + 17:6c:56:46:95:98:da:e8:6c:f3:67:4e:33:fc:68:b8:af:86: + 07:8b:8e:f3:16:2c:ec:82:e7:b8:47:64:5c:f5:bd:37:75:b5: + 94:d3:09:3c:3d:6a:6d:47:81:e0:1b:df:5e:d7:6c:92:7d:23: + 91:3e:29:06:21:5b:52:62:47:87:e8:7e:20:ab:fa:cb:3f:9e: + ab:7e:55:7e:d2:76:7d:3e:ce:49:f5:ad:a1:f8:13:ba:9a:d6: + 54:bb:e9:f0:e0:a6:77:27:95:33:84:48:ff:29:87:fc:65:94: + d4:56:44:88:fc:40:0a:64:32:15:13:36:bf:fb:10:65:35:94: + 66:ad:d7:e4:16:08:c5:8b:2f:c7:a1:14:99:60:69:66:39:3f: + 8d:f3:d3:46:ae:c9:ad:85:94:9b:06:6f:7e:f9:84:b4:e7:fb: + 7c:79:1b:75:00:f7:10:19:86:57:48:ea:d5:24:eb:f5:d6:42: + 43:73:36:db:9a:15:73:01:75:db:e5:4f:d0:68:3a:3b:35:ce: + 19:ab:08:e8:75:c4:7d:b0:d8:c9:64:f9:de:e4:ae:df:a5:24: + 19:dd:b8:d1:88:40:48:2a:13:6c:ad:72:23:46:45:2c:78:0c: + d4:68:15:11:7f:e2:47:2d:ce:d0:ce:ae:43:8b:08:af:42:12: + 85:6f:4d:8b:39:e0:a1:d9:65:08:b1:dc:00:e2:e8:f0:e1:f6: + 8f:21:8e:81:cd:de:8a:d0:92:58:22:d0:b0:29:fa:f8:98:6f: + c6:e0:68:37:b4:57:90:c2:c4:7c:38:64:51:d7:61:5a +-----BEGIN CERTIFICATE----- +MIII+DCCBOCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2 +MDMxOTMwNDdaFw0zNjA1MjkxOTMwNDdaMIGlMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxJzAlBgNVBAMMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNv +bTEtMCsGCSqGSIb3DQEJARYecGtpbml0QGFkZG9tLnNhbWJhLmV4YW1wbGUuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6TovchPanHGFajdANZh +dADkj7XEDpjZUaqqT8eM+Ww3XGBV2nxVnNPN4vHtUTkl1fppfqdnnKlhG1xzUNBv +us463/6ulZWOl6vGu2rDYAvKwpwx/8YvUrvLL/YsTb4g4RZJ0yI2Zk9cxDASBzSL +AE5bUX1ANYHcXA6vvnhjgGlnh1OX0D/XZo0migoklfnb3ZMOSFTIMOR3DWXvpGre +KZF3l0BcLu01XrkPN63ZcHaZd0WMSmVjE3LVxFM3V4UKbXQwjGl/g/B/9WcFeYAn +1DhtSS+NKpcuMx/Q4MF2G7+/sXWKybE/P/JOxbBoXnaKfpxXsuw9GIPiZdUwXrX0 +xwIDAQABo4ICDjCCAgowCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRw +Oi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5j +b20tY3JsLmNybDARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgME4GCWCG +SAGG+EIBDQRBFj9TbWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2lu +aXRAYWRkb20uc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFD6BZaHjfhi+gP4V +k8wgFf0I1KQ9MB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFkGA1Ud +EQRSMFCBHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbaAuBgorBgEEAYI3 +FAIDoCAMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbTAxBgNVHRIEKjAo +gSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTBNBglghkgB +hvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNh +bWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0lBBgwFgYIKwYBBQUHAwIGCisG +AQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAHtHTFV8d4uPyiM+UWpRwUlEDXJW +J3n3VEjvdDdeKjNo3ASK3rKOeyZvZ/W8CuHsdBKGWmtWfXUk0N/HHsQo6KXA5Tqg +dPiVcGFEoZzjVNjPG+IvNdPKGl8H6c7+eeEgrJ6UdKWALjh1vLzXLeBUwReajgdC +fl8uF5Njq67txikPkciKma0hW1Kn3QwvMtwNNpyYAqrrjy06hhrP+PXaC3B+FJx5 +vIpsxwaNPjsmKlChBcpHedG6VQbN0joQJ43L7rT3kP/y+2fwcwtPUV4LjeSUy9pW +LRiRuFEP7kiZzK6La6zYOB5eXtkaKVIEUklJMGA7+k7JDKBnIOFKn4REyMo11Sim +Bn7cw4GNQBI9rg1RQloWkngucAu6f45Sty6o8XIyum8wkh5AD78JFFtjxh2zrOvn +afAbPLhK7KIi4lit7yJ3nOJR7Di/R9geQ3dhPWBUx7pqvofq955GdJBww9l0Ib6Q +eBIvMNJWO5okJxcb0IxJ52Wo0tkP+OleUYyXz5A35a3ciKzBVFd6mvRagCWFfNC3 +FwOMs0MgWcfzaHL1U3XfoAAS8CjV3HDsnsIzvXPpjGK4Lw1Voz3SIVlPOtdQqkNy +JQWgL+DxeVkqV+a5kSG5nwf5SfzXl/e+p4FprGyafCVea0g3kImsNwK1vkEBVpNx +9Ol1PKoKm9ajCWRRMNcsGt28gy5FtZClrRa6GFYciHO17ndtZT4R3DZFagiZXSSG +k9pFlSregJYu29eHs/FwPLVW68pi3DxJhDz4bdlE4IEzXvciJ4sJBRKmwXlWx3/i +gNarTeUa/66a/Tt7qhXKEMJqmMRwY259lI6HCiS9sVmFZ1voLv/XQ4xGBhqounLn +De9fbC1cFFatXValIQl7FkRKdJ0aA6oaQSnleOR8nlMYYdha0eioDvTTQNZrzcnk +oz1RVMPWCUxInjQqI62Dq5qZwr97hZjXtiH8xBdsVkaVmNrobPNnTjP8aLivhgeL +jvMWLOyC57hHZFz1vTd1tZTTCTw9am1HgeAb317XbJJ9I5E+KQYhW1JiR4fofiCr ++ss/nqt+VX7Sdn0+zkn1raH4E7qa1lS76fDgpncnlTOESP8ph/xllNRWRIj8QApk +MhUTNr/7EGU1lGat1+QWCMWLL8ehFJlgaWY5P43z00auya2FlJsGb375hLTn+3x5 +G3UA9xAZhldI6tUk6/XWQkNzNtuaFXMBddvlT9BoOjs1zhmrCOh1xH2w2Mlk+d7k +rt+lJBnduNGIQEgqE2ytciNGRSx4DNRoFRF/4kctztDOrkOLCK9CEoVvTYs54KHZ +ZQix3ADi6PDh9o8hjoHN3orQklgi0LAp+viYb8bgaDe0V5DCxHw4ZFHXYVo= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-key.pem new file mode 100644 index 0000000..542cd3d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEaGZ7BvOYu4CAggA +MBQGCCqGSIb3DQMHBAhSIfRjeKrXNgSCBMh+g3dZyu/ZZ1DgB1U3qiUMIIA/hurX +2FjSuDIrn5+g7uPIxtBjQgz2+2f4kUsiqx/UBOodAwtSzjpP3HX91zyRoMke4jA1 +cx3PlsaSCwXXBmbLhI8+IAiQZ7zo4r5C91nNXVBUC+Z4bDydjXRnZHBAiGo674mB +ZbpixlAjDQWiJCZJvqDy7uqjIK9un12fU/hBWc6mLJZ8MSTWaJ9/ONGTImhbI7f7 +jtM04HihoDsh8ExeVSSWYt+vM3VIjXlbZqTi0d2ijgb4MnGsIuVVZtnvLbMSe7Ow +lGLNsbkUq3y8JsF2rkZWHE+7J33Ko9fgUr9kVaIVJpChWnOSsxVUuRydrCUS4g3L +1wmVPEW59t0jFwMt7qcQS7K1ivkjmNplyld5pBssLX4BuzKMxEsGG6c8MwSLGqcJ +g70xbraCWzn0ggKCROGvbFmIn9o7GXCnYLj3e4LfHbV0XgINiw7ufCUgRTTHEn+L +PAaGd13BxdYlquIzbSLhdijDzU+41tXI/g1bw4tAlxcKHPh9XmKRYf8DusVWRKB1 +uyouHQxEVYyJw5atQJZLlzTUWpZ0V4q2UVckN2LSFMtwTu8ZL9iNSL4l75iRaMdI ++V9a+QaAifd7qF8eujvfVgpzuiMuEonQ9iRJOErJ6/BaCO9WaZ+jE0ojZtllWjLQ +rXGRcxkROFcE36GC7YSWzKDq9WlgQKne9EDp0WevcSNTc698cz09D1/z8N1pkk1K +Ako3BKs9FUSmynSuTz52CEJ+XOd9FESsJkcu8FqUfmXM5Ubq9jhSU91skmuJHG8r +BlzkuO2va91T1Muu/RHaFhBYmaomkw2kvJ57oay7wZ/9Fm+j6PjdgAH81w3RfS+G +m+Vivp6wRmE438yy2QDgywjvk7anjZMX1R2PhXWgmKTSL1EosAFx6AZytd+xTDFa +tEIkfwVkr6fKLI1FFq2artDZAYqSpkFCmRFOMNoqc6UAzuET88y5oPDjY9RS3Ikd +Ru9VvuT2LcaWjCj3ofqV0ATYgkbGSsj6n66kZFoPBEv7dpD33mN9A0R7U8nzeXUT +0ImG4xsXv4vfumrfgG6sr17Ylsm/ntmUtcFy+ZbJCLypL2UnZya1+EC6a20kVt7X +DDpFH/qct3iBeRJnTdoTxWGbQKHRQ5Ro/GnZ02fCN0DBEyb4WHbP6T+Gy3DHF6TA +rBlC5nVNQD49d5brbPyBnBG4585mzPZI57npo3MpgEHv9+LC48LfJZaX5w7uevg+ +RnkjjIwrEIUZMrUvFxeNYKtdp9IggRGjDCPz8Y8TNBnvWuet0xRODhZTVs6zFeQw +s+NZirzyN6XSu9Wpc+CGbFx55eMOGog8t2e2HjBbeNCvri9wKP1t1CdCD+CTqJ6E +BaoP0Wippj8VGOB87djnT+7X2bJLjnYkmspk/Mhlz1EKh+j6SXh5VFCSoO3o1JbW +iyAI2vpT3+Bt4RXrUDTYV9OHpWSQXM/TYhHnVBdeq53h5UkBYsK+vSjHyjF9Jspt +ORWsCUBiaVBy3X9AMEubsITKCVAjlCacFDOraO6h7Y6LkOyuNvJ2aDo02L3sfDPY +sa43P1ERP5C4OOUzhLmavkwhJnzAHVAVCfNMCDzYe7UsSrweQ+OVfcp70uAdKfK5 +jzQ= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-openssl.cnf new file mode 100644 index 0000000..8bb8714 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = pkinit@addom.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = pkinit@addom.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for pkinit@addom.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:pkinit@addom.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private-key.pem new file mode 100644 index 0000000..8ab8683 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs6TovchPanHGFajdANZhdADkj7XEDpjZUaqqT8eM+Ww3XGBV +2nxVnNPN4vHtUTkl1fppfqdnnKlhG1xzUNBvus463/6ulZWOl6vGu2rDYAvKwpwx +/8YvUrvLL/YsTb4g4RZJ0yI2Zk9cxDASBzSLAE5bUX1ANYHcXA6vvnhjgGlnh1OX +0D/XZo0migoklfnb3ZMOSFTIMOR3DWXvpGreKZF3l0BcLu01XrkPN63ZcHaZd0WM +SmVjE3LVxFM3V4UKbXQwjGl/g/B/9WcFeYAn1DhtSS+NKpcuMx/Q4MF2G7+/sXWK +ybE/P/JOxbBoXnaKfpxXsuw9GIPiZdUwXrX0xwIDAQABAoIBAB3OjPeAVvz4Z7+M +Ry8uYvkWdNYLeL5bSiOsx5l5KMDx3bWsHlKkMqhU1GKFdbT2YHrCk+J58E0kJYKe +sluEWiWKtmYYIeub5w7vZ4gNTOGQ01G7DOi9f3igxDPvCqbTly0Bv7oSgSg0ntXG +jBc59p5UYf6BY7f9Fg0IOszFuOzDSSHoX8Ld/8rO+2d7k0cvS2xG3FViqMifqAN+ +b1GVm9MtPB5B4iM9dAsgy7NK8kKoY3xUFeYwC8yzBCeG35F+Bq6x+vTUoNfESwwg +/qvJwRNgChlJgLVbrcR/F0wDuvINwELUeDipP1Ca8dmaQgYLlYqrbYJlJEfsHX9w +IkuW1CECgYEA5Sn1mTKK4RnHGWE84kqAayiCEifap/FcPpA5M5AZ8t0HxDUGZ/aO +glhFOsA0bKpmK+U7Hv+uZtD7YDI2syzwk3RnLn3sHaNSMKYkogGOds4U8wYalLYe +AhTGPhukip+6SAZEJicRZDYxy4xczOLmwmGeTMFPQ7mWljbYTVvo7dkCgYEAyK5p +ZZu8Jor0VKuUjQwtzsr0P7AP8h84uf38+Llfn51/sDGihR7oHA7ER0HgaOwL238f +a990+QpShlH1LLik8LeWXNEl6A9MvWJH1OCahGh48ui8T1ptI6OgcNfIDOt0ZE2e +RoV90FpzABR057SvSog6iuCZqYl7ddEoEd3oM58CgYBqrJSJ4rApRqGam9wGjp2m +xC2AHBM5uC2zZdlqujqKBf+2guRfgrMl08cuKQh+SPfUmRljPavGaqOJTPaPg2zd +hwL87lr6FOuOf9hvnX/ep+GymvXGodvoJhl+EcoPSXkiS+BvTiJXXq7hTI5qRXkb +pOtWWWn3Ya3KcO9RW2ZbSQKBgFnRVfLYJPnLL1fGA5KtZMMtKuxmTHy9ZJI6D0Lz +FM1HnKKrVGXoU1JbeZW68kmDfDsdRl7tgFkGObFMdUMy0P+761xXb3PRhTMuDaBF +dmLUr21opP+PJVHSJjjbGvpNV6ac5r4BeTILiXT7sucRg3METc9ifuPWWJ9+oUR9 +4TNZAoGBAMH9sFqsXKXgLjnPEtdy2GJV51oytQRBxWtB/E2minj+U1b8F336vnUp +JEmY08KXj8weSSs+BUXKqxRWxLo2aWKXcvtpyHttdvJvHroG4Rb5xuvZWNtOFyhV +IHA/pdwvhgvUWoM12U2DZfznKHTDrUNpo6bs7lkPqVOSemlDucpU +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private.p12 Binary files differnew file mode 100644 index 0000000..4b77b58 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-req.pem new file mode 100644 index 0000000..dc60d63 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC/zCCAecCAQAwgbkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMScwJQYDVQQDDB5wa2luaXRAYWRkb20uc2FtYmEuZXhh +bXBsZS5jb20xLTArBgkqhkiG9w0BCQEWHnBraW5pdEBhZGRvbS5zYW1iYS5leGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOk6L3IT2px +xhWo3QDWYXQA5I+1xA6Y2VGqqk/HjPlsN1xgVdp8VZzTzeLx7VE5JdX6aX6nZ5yp +YRtcc1DQb7rOOt/+rpWVjperxrtqw2ALysKcMf/GL1K7yy/2LE2+IOEWSdMiNmZP +XMQwEgc0iwBOW1F9QDWB3FwOr754Y4BpZ4dTl9A/12aNJooKJJX5292TDkhUyDDk +dw1l76Rq3imRd5dAXC7tNV65Dzet2XB2mXdFjEplYxNy1cRTN1eFCm10MIxpf4Pw +f/VnBXmAJ9Q4bUkvjSqXLjMf0ODBdhu/v7F1ismxPz/yTsWwaF52in6cV7LsPRiD +4mXVMF619McCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBQjwN3+bsWLHsr7k9K +bfranU8U1dKD05siA3w+Dop43G1eLzBjBrQvSUB4AMzd8a0KKD8dt0xm2s504wxU +SAyGgUcE+a1nPazZUPw5tJVRt41S808Gzd7zU+12UZiUjpE0Y8NayAyn+n/IhNPN +UHOFnZfgBJqWUOEO6+JyJXxYuqaXzmrYg5Kr4vr2tr9d6+hLsp3g3nJKoefPR1RS +2PMk1zubbbjsi9VF/yK6W4QNkfcZN74tMm+kNPAhid422L4FdZSupmfGts45uFWw +zHOOyKOGLkZ4pxNlMRKIL1aYtoyR4UetudX2CUkQsBs/w04DLehk6rjbtQPO4nTI +QYxm +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-cert.pem new file mode 120000 index 0000000..e8d6f50 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-pkinit@addom.samba.example.com-S05-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-private-key.pem new file mode 120000 index 0000000..aac9cfc --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-pkinit@addom.samba.example.com-S05-private-key.pem
\ No newline at end of file |