diff options
Diffstat (limited to 'selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com')
9 files changed, 489 insertions, 0 deletions
diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer Binary files differnew file mode 100644 index 0000000..857f73d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem new file mode 100644 index 0000000..794f9c2 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:30 2020 GMT + Not After : Feb 23 13:31:30 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:33:db:43:5e:d5:91:27:95:35:d2:86:b2:e5: + 70:ac:b8:cf:74:01:2c:60:4d:67:b2:2c:2d:ef:c4: + 04:53:4d:08:9b:ce:55:ca:7a:ab:02:29:5d:3d:27: + ee:3e:a3:23:2e:3e:36:8d:f1:ca:8f:a7:4b:8b:a9: + 39:d3:33:39:d0:b9:f4:9b:c4:14:2c:41:67:be:6a: + 32:b6:86:0d:70:0e:eb:6c:b1:d1:ef:92:70:ec:70: + 70:2d:5f:4f:ea:6c:3e:9f:ee:9a:11:32:93:5f:b0: + e3:51:24:e2:33:08:22:ee:69:07:c6:10:a2:3f:43: + 67:3c:0b:48:b6:d1:92:99:22:de:fe:da:28:e9:12: + ba:a7:d6:54:76:c4:3c:56:a7:c9:e4:28:18:fd:89: + 8a:eb:02:42:88:27:59:61:f5:bd:5f:0d:eb:ce:80: + 4a:84:29:e5:38:93:1d:d9:0a:50:e3:eb:72:ec:b2: + 73:16:ab:75:33:3a:74:fd:6c:b8:a9:b9:09:c0:30: + 0a:74:d4:01:3e:00:0e:89:cf:87:aa:19:f5:7b:c4: + 0d:4f:b1:f1:40:59:54:67:28:aa:ca:18:75:7d:96: + d4:4d:99:e3:b1:84:bc:e7:65:80:ea:f6:dd:30:ce: + cf:14:67:b5:27:09:5f:83:a5:8c:87:62:8f:5a:22: + d5:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom2.samba.example.com + X509v3 Subject Key Identifier: + 6A:36:04:8E:C5:C3:2C:C9:17:BA:52:66:D3:AB:0D:C3:F2:25:1A:CD + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 4d:5b:aa:28:b6:e0:a4:61:63:ed:09:7a:0e:2b:b2:c9:83:73: + f5:28:17:2b:d5:4e:c7:7b:01:99:5d:b9:c5:93:b3:a5:e2:64: + 33:96:38:55:c4:a4:84:9a:d1:dc:40:56:ec:da:a7:a5:3b:7c: + 91:c7:8d:03:44:44:9d:a5:0a:9e:de:6a:9d:c2:80:49:93:db: + 4d:74:fa:3c:fd:54:de:99:9c:f8:82:63:ba:5e:81:9e:4d:ae: + a2:a1:09:dd:81:5a:3e:81:31:8b:ff:85:32:ae:30:9e:1a:d6: + 04:d9:1c:bd:a5:0e:83:29:86:f4:be:0f:81:9a:84:f4:42:42: + 6d:20:18:16:ef:21:ac:51:b3:34:bd:0f:b5:2c:7e:c5:21:3d: + f7:77:95:1e:8f:45:3e:f8:79:93:ad:35:dd:cd:97:95:fe:b6: + 5f:88:e7:b8:38:54:15:29:61:2f:17:91:99:74:0c:66:9a:55: + 5c:dd:22:19:a1:8e:c1:a5:23:45:a4:85:f2:b2:98:3b:2c:85: + d8:2a:8e:9c:4d:6c:9e:9e:ef:80:24:2f:57:f3:a1:1f:09:c4: + 44:4d:11:d2:84:87:2a:57:f0:cc:9e:38:2c:3a:68:ee:0b:be: + e9:48:67:ff:87:2b:29:03:25:22:8e:00:33:f8:2a:7c:11:91: + 17:42:fc:6c:d1:94:c6:f0:7f:ad:c3:97:cf:9f:cc:a5:be:25: + 33:af:d4:c4:06:17:a7:be:11:bf:51:5e:6e:b8:26:56:1e:d5: + d6:ce:85:05:62:02:62:92:63:48:d9:d2:0b:e4:f9:2c:a2:53: + 4f:5e:3d:31:07:4d:5b:c4:48:bc:d5:f0:66:98:fd:85:45:26: + 4b:98:4f:a2:ac:05:a0:df:ee:4e:c9:9c:2f:3c:ee:74:9d:54: + 83:03:d8:42:a1:ba:57:a1:d4:43:93:a0:94:e3:0c:3b:cb:eb: + e6:05:73:60:18:32:81:25:21:55:14:99:2b:9d:0e:b2:72:31: + 63:73:5a:94:b2:30:e7:16:16:4c:33:68:cb:e6:87:aa:20:c6: + 9c:f1:26:3b:f5:76:7a:9b:07:f7:d9:c0:6c:50:04:d6:14:06: + 37:e5:fc:58:18:d5:a7:c8:29:56:9e:3c:fd:03:96:e8:4e:1a: + 7e:6e:e3:c9:aa:e6:3f:5d:1a:cd:86:f3:17:82:3b:ff:4c:8e: + 6b:d2:11:84:ce:36:cc:c8:fe:31:80:43:23:fa:fe:3c:8c:57: + a0:a1:1e:b9:08:c1:03:af:8f:3b:6b:cb:12:e4:6a:31:94:86: + 7a:17:c5:9f:80:bc:bc:e0:42:7b:5a:57:ef:b7:d3:0c:5f:98: + 71:aa:4e:cf:b4:c7:25:33:96:54:7b:ca:90:79:6f:f8:f0:c3: + e7:9d:e7:d0:67:4d:7b:20:7b:9d:d0:91:4f:ab:a3:a2:99:fa: + 9a:74:37:33:64:0c:bf:b6:94:3f:62:5f:a5:76:1e:60:54:e6: + bf:3a:11:5b:f0:ba:62:12:2e:9b:99:a2:37:9f:4c:b9:e8:8e: + d2:81:1f:0f:26:23:3b:9a:3b:69:70:09:e4:ae:05:65:04:3e: + 55:06:43:1f:5e:fb:2d:e6:03:b6:c4:ca:47:66:f0:d3:2b:a0: + 79:e8:45:a4:df:8f:31:fd:7e:67:ca:50:e0:b0:99:9d:2c:6a: + 16:f0:39:01:da:7f:d7:66:15:d1:99:3b:d7:7c:8a:bf:b7:d4: + b1:d3:fb:e2:fc:75:82:47:fc:96:42:57:ce:4a:d5:12:07:99: + 5b:ae:1a:c2:98:f1:fa:3d:a7:19:88:75:c8:fa:81:60:1f:19: + 21:0c:25:84:a1:c3:88:30:a7:80:da:85:85:e1:42:98:76:37: + ab:48:75:60:2d:1d:f9:05:6e:04:e2:2b:ce:37:75:17:27:0d: + 87:11:d6:2b:fa:37:bf:b7:e3:d2:96:b9:d8:92:18:4a:00:45: + 6d:9d:c6:20:d0:6b:2c:ed:33:06:08:d7:0f:56:44:5e:68:9f: + 9f:20:fc:57:a8:27:68:c9:f5:f5:2e:4d:0b:3c:a9:2e:92:2b: + d3:88:a9:18:27:24:0f:33:90:23:b3:41:99:5b:ec:bd:ef:ba: + 5b:4a:b6:a9:6c:b5:a5:d4:47:1e:9c:e7:32:0c:72:98:e7:8c: + a4:aa:72:8f:2b:90:5f:2d:23:bf:99:62:75:47:2f:9a:79:5e: + 4b:8a:8c:f2:28:df:30:59:6b:62:45:4b:b6:e5:39:ab:77:f0: + 51:4b:b7:6f:42:0a:81:a7:c0:c9:8a:c6:09:2a:e8:35:36:53: + c9:5b:93:dc:a5:1e:17:b1:cc:b4:13:b5:bb:b0:df:b8:cd:68: + 8a:10:18:8c:de:07:33:31:68:6b:f4:6a:dc:d0:17:10:c4:2d: + ec:66:51:c3:01:b3:2a:f0:0e:b9:c2:4d:7c:8d:d8:ab:c0:76: + 79:ca:e6:ff:a4:36:da:c1:8d:2e:13:7d:15:21:72:86:ad:4b: + 1b:73:4f:46:2f:fa:1e:ae:e8:8f:dd:79:6c:46:57:0a:05:ef: + 11:04:ae:a0:c5:13:86:6a:a3:cc:9c:b7:80:ef:18:5f:67:f7: + 43:ef:e2:94:4f:85:06:2f:d1:7a:97:07:ed:89:7d:aa:1e:e0: + cf:52:63:b9:28:95:aa:6d:ca:f2:20:c2:f3:07:83:c5:f4:a2: + ee:20:61:88:34:12:62:05:67:8d:f2:83:25:0b:9a:89 +-----BEGIN CERTIFICATE----- +MIII/TCCBOWgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMzBaFw00MDAyMjMxMzMxMzBaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxKDAmBgNVBAMMH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20xLjAsBgkqhkiG9w0BCQEWH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcM9tDXtWRJ5U10oay +5XCsuM90ASxgTWeyLC3vxARTTQibzlXKeqsCKV09J+4+oyMuPjaN8cqPp0uLqTnT +MznQufSbxBQsQWe+ajK2hg1wDutssdHvknDscHAtX0/qbD6f7poRMpNfsONRJOIz +CCLuaQfGEKI/Q2c8C0i20ZKZIt7+2ijpErqn1lR2xDxWp8nkKBj9iYrrAkKIJ1lh +9b1fDevOgEqEKeU4kx3ZClDj63LssnMWq3UzOnT9bLipuQnAMAp01AE+AA6Jz4eq +GfV7xA1PsfFAWVRnKKrKGHV9ltRNmeOxhLznZYDq9t0wzs8UZ7UnCV+DpYyHYo9a +ItV1AgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0 +dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl +LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ +YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIHBr +aW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFGo2BI7FwyzJ +F7pSZtOrDcPyJRrNMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG +A1UdEQRUMFKBH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB +BAGCNxQCA6AhDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD +AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEATVuqKLbgpGFj7Ql6Diuy +yYNz9SgXK9VOx3sBmV25xZOzpeJkM5Y4VcSkhJrR3EBW7NqnpTt8kceNA0REnaUK +nt5qncKASZPbTXT6PP1U3pmc+IJjul6Bnk2uoqEJ3YFaPoExi/+FMq4wnhrWBNkc +vaUOgymG9L4PgZqE9EJCbSAYFu8hrFGzNL0PtSx+xSE993eVHo9FPvh5k6013c2X +lf62X4jnuDhUFSlhLxeRmXQMZppVXN0iGaGOwaUjRaSF8rKYOyyF2CqOnE1snp7v +gCQvV/OhHwnERE0R0oSHKlfwzJ44LDpo7gu+6Uhn/4crKQMlIo4AM/gqfBGRF0L8 +bNGUxvB/rcOXz5/Mpb4lM6/UxAYXp74Rv1FebrgmVh7V1s6FBWICYpJjSNnSC+T5 +LKJTT149MQdNW8RIvNXwZpj9hUUmS5hPoqwFoN/uTsmcLzzudJ1UgwPYQqG6V6HU +Q5OglOMMO8vr5gVzYBgygSUhVRSZK50OsnIxY3NalLIw5xYWTDNoy+aHqiDGnPEm +O/V2epsH99nAbFAE1hQGN+X8WBjVp8gpVp48/QOW6E4afm7jyarmP10azYbzF4I7 +/0yOa9IRhM42zMj+MYBDI/r+PIxXoKEeuQjBA6+PO2vLEuRqMZSGehfFn4C8vOBC +e1pX77fTDF+YcapOz7THJTOWVHvKkHlv+PDD553n0GdNeyB7ndCRT6ujopn6mnQ3 +M2QMv7aUP2JfpXYeYFTmvzoRW/C6YhIum5miN59MueiO0oEfDyYjO5o7aXAJ5K4F +ZQQ+VQZDH177LeYDtsTKR2bw0yugeehFpN+PMf1+Z8pQ4LCZnSxqFvA5Adp/12YV +0Zk713yKv7fUsdP74vx1gkf8lkJXzkrVEgeZW64awpjx+j2nGYh1yPqBYB8ZIQwl +hKHDiDCngNqFheFCmHY3q0h1YC0d+QVuBOIrzjd1FycNhxHWK/o3v7fj0pa52JIY +SgBFbZ3GINBrLO0zBgjXD1ZEXmifnyD8V6gnaMn19S5NCzypLpIr04ipGCckDzOQ +I7NBmVvsve+6W0q2qWy1pdRHHpznMgxymOeMpKpyjyuQXy0jv5lidUcvmnleS4qM +8ijfMFlrYkVLtuU5q3fwUUu3b0IKgafAyYrGCSroNTZTyVuT3KUeF7HMtBO1u7Df +uM1oihAYjN4HMzFoa/Rq3NAXEMQt7GZRwwGzKvAOucJNfI3Yq8B2ecrm/6Q22sGN +LhN9FSFyhq1LG3NPRi/6Hq7oj915bEZXCgXvEQSuoMUThmqjzJy3gO8YX2f3Q+/i +lE+FBi/RepcH7Yl9qh7gz1JjuSiVqm3K8iDC8weDxfSi7iBhiDQSYgVnjfKDJQua +iQ== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem new file mode 100644 index 0000000..1e61500 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIV6+MM3EXFiACAggA +MBQGCCqGSIb3DQMHBAjsohDWEPj6zgSCBMgedcAX42Jx6DI9zhBX9GTM5t734KMA +5QsAoALazfaMdUZ2oULJJeFon4s497Wc8amj661+TkvhIJNi1zRZA1ZC1xphQDsr +yjJx8elNBHUvaJDKEE9aN+EEJ2+TkExTX6BAYeewNN0VgjV9Kpwy0ejD8gZZKBa0 +oGtmqCQTMrGdmKTuPa2H463oexgr+6futCbR/qxp9k/lRBGy6z7+sM7FvS9NVLN5 +gRrXjwFGA01Rb4Ch4ZmbU04EyJh+0EvjXC5e2t76GLp3EtjVpOuNuaZOiHQ7t/ah +xaU5fHwoBWwuXjZc2diFvcuNNnJ0e7K9AMkfIuk/Bn4wEyo8jSAZPzEzatZf6gxg +DoGkXaoB7Yf2+Mb0qg8IiMf/1IICHF046liDxNmnbAHOsREXJtwtV2H6gUuh+zX1 ++B/jwhAXt62FUwnd4WdCHyo4NjOBwQADibiTTcgvdnkn+XKYzyNii6RGjA95mpbp +loA71aV2QoBZH4bQ18YrCNshAf1tanZvxByjB/61IeMxz4m0BlwZbIT06rrpNLqh +k6w7wmW2sdgN9kWb772+zUJFahNmJU4qfr8Kg/NIvqj63HMXwgCfuGLI7vUFmmhp +dkqfadcu32XxitWYHZkvJPtCFb3AKcIR7OzWc117VuHu+kWSVhfst70LROSOXiwa +TajBA0P83LccmR6z67/JWRvQwDc9uF+6xVM3tZga+odi/Fee/N0c2yYqxlrebmqU +Qlp6xzjIrpTpwCBEBXgJQsv+kcIQIpDPhG8+y44OHBcHoGaDFVYX8KNcO98b1EYC +EW6cy6PrmaE5AkC+jlPPQqcTRJvCVeq3MIUmJg2M3ivsTdlSqbCVfnJgYTnGD9sS +pAtc1I+7OqOfp5jqHgCmnK0pdbmFLDuKJNuzNb356nNFA+CUejWzZGPth6pVFGyq +9234oSwUCjP3kKG89JVSEflvTAEsySWHO3Vs4lyu0/1Dd1k1Bfc6YYgGH0JiXvtf +y2Ys7u51m9NL4BgpbMvLpNmKvZlztJhGqw9Og1g/GdcURhqgajK8HGNJz1hpgzq5 +frlMKP8NnCwhID7IZzaQbcBMA9OUQds6XrB6Fd60vmTx4UMg6fIBCzLOR1lSmxcn +64QUkepM9+jBKlWla9MlMECB2csxdlRCpSYIdguyd+i0ftEmq1ZG77+c5/9LNFSh +SMDUJ5qg6UsFBVCmJezG0yrkPcTEmTQxAAcWN+C37cMq/3htAw3njfOGaiJliYUn +vKc4+yZH9PQxaZB+l2pVOjJYmetcmEDnfrrUVst+xzusVzT/IyYEyC+DTi3U2Suh +AOUoAZP2QnAEYRWsN4dcClKJt/fSBcQIIqYeljAxzi+DmxOBALHkuUd7AhozpV7P +3F0hHD2lD3/9ncIHjHZ+DshiWVmxgvPcKFi2spbeb/CBpJ7YmkFww7C9YOctP5eq +vIsesf2ZsGaKNbogfBRKuQP1o0FkWGqUnzVe0Ww56uGerz5EU+I/LecLAmS0e5jt +FtAlVXcRKo7UtXMJHekQRnF70xk9gYV3qZIP7bXDh01gX/TVEL7PHeBZBkej5Mrk +debSOuvlVxnnAYyreZl1MtnneT8L7nwi+lKRkq5aps82iUa2sKPgoFQODZrLBAyM +HOE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf new file mode 100644 index 0000000..effde23 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = pkinit@addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = pkinit@addom2.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for pkinit@addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:pkinit@addom2.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem new file mode 100644 index 0000000..a0b894c --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3DPbQ17VkSeVNdKGsuVwrLjPdAEsYE1nsiwt78QEU00Im85V +ynqrAildPSfuPqMjLj42jfHKj6dLi6k50zM50Ln0m8QULEFnvmoytoYNcA7rbLHR +75Jw7HBwLV9P6mw+n+6aETKTX7DjUSTiMwgi7mkHxhCiP0NnPAtIttGSmSLe/too +6RK6p9ZUdsQ8VqfJ5CgY/YmK6wJCiCdZYfW9Xw3rzoBKhCnlOJMd2QpQ4+ty7LJz +Fqt1Mzp0/Wy4qbkJwDAKdNQBPgAOic+Hqhn1e8QNT7HxQFlUZyiqyhh1fZbUTZnj +sYS852WA6vbdMM7PFGe1Jwlfg6WMh2KPWiLVdQIDAQABAoIBAHKz6HEtgx37enPw +2A10Cr9N/XI18kGv0GY1MTCF8KLbq7JNRs8UGuQjW9gxZp7mJ7s82PoTiypNQMLd +QavMMT+SveItvzxWTY4Yj5YYOgO3IdcawXqD06K15xkbXuuDuxNgHIz8xVvBLofk +KJfgkyGRQGVh4MIHgEz8q8HfZPezBGIxxfjXPkZ7NEJGcVUKyhSaEn0uJ2wcWkzf +eCx4ZNNp82MHR9OO7sMc87oJDKm38JbZPKnONU75L8Kjk+qBljCLNT71pqIFQfVD +QFUsGDLs2aBqsP/AZjeUX6+AinBV7CQ43EB4Y8t1U62k+AaNqocg+QjdspUGsTVd +V3XRxoECgYEA/6JFdxUnOtV0DRi/TGCN27nfASsa7JkVZLY+mJMBrPOKqK1IfXmC +isqykMY0NLKK5pgjQqWuoiri9uuzPNwK8OfNOvJUZAsElr4OlH15yz3vjG4Jr9Hx +EPIL1J95Nuo4mCtNx/DUHiDCWR5qvTXteKRa5Zb0FpT7BwSnzhC9KaUCgYEA3ISY +HOiXzWiEbG5cnklPGsnkfl5br77jFbFwu1HSO+pcDTRs4yRt9CSRvtv/f82yPVw1 +p7ZU4kqos2sSgdyqr/LYzRBXpcfK8yKZB0S1irNgS5G7FRgRj4MhnIfB8zwAmWAJ +TdIkiZHpP1LRs/A4EAveE3HbVkKR8CkgrMabE5ECgYEA9ONA5IkxIZ1mJT211LcS +bpGq3nWqv0kPQ4GKiaMakdJk3J3Tuc/zjH4Nfb9CN9FqWukXrjsGBnhLIPw+omix +WoLVCkknKwebB8VeNkXVrSvSFZc8VGAsLW2Sg8eZ2U+bk7q4Mne03H/JbpJC8qt8 +qHvaT+LCRffGWrzM/AzxCbkCgYEAu2wCsQdLBi0f59zA4VNjZVxU1Maz3KI79VMT +glHfgkcFJ7/4D/IFdeyi5vmqpWAZbqdxfvKsIIzd52hImZEIjXS0qU2LgP5XUuCD ++bZ/KbydSn046YvEWRpVtel4gZfs1m7WWYsSvM4D1Ws5ilrP+2tqu1IY3q7DxL/f +4pkGctECgYBa4TCPS3pxG6trEA5J2U4GaL5poK1MXXSd1CAkdij3npxYP2siRNz5 +SMA/TvJEA6wzhsbA6kqpESmPFim6IfywGdE6WbNu/dEA00EmLW+YeBGVBGVaUro4 +gz3ruHdztghRJFNrN4sjYGiPjKTG74U/aUNIGZXsxTJA8R8U0Y8KPw== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 Binary files differnew file mode 100644 index 0000000..ea4d241 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem new file mode 100644 index 0000000..7c0934a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMSgwJgYDVQQDDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMS4wLAYJKoZIhvcNAQkBFh9wa2luaXRAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DPbQ17V +kSeVNdKGsuVwrLjPdAEsYE1nsiwt78QEU00Im85VynqrAildPSfuPqMjLj42jfHK +j6dLi6k50zM50Ln0m8QULEFnvmoytoYNcA7rbLHR75Jw7HBwLV9P6mw+n+6aETKT +X7DjUSTiMwgi7mkHxhCiP0NnPAtIttGSmSLe/too6RK6p9ZUdsQ8VqfJ5CgY/YmK +6wJCiCdZYfW9Xw3rzoBKhCnlOJMd2QpQ4+ty7LJzFqt1Mzp0/Wy4qbkJwDAKdNQB +PgAOic+Hqhn1e8QNT7HxQFlUZyiqyhh1fZbUTZnjsYS852WA6vbdMM7PFGe1Jwlf +g6WMh2KPWiLVdQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAFdpb3Rsn94pfog0 +u423+MP/Y3Kt/mjLUV++hmGzIi8rAFLAjQTSlM+uGF3895+kIzH9k+y0d8nYiN2n +GPhsj4KKKurtiAsykKdE3+da0sQ/DdL7FXq7AvjzQOcoUpU3tRncNApW8mD91Yuk +YpOMysX1PhNbUK8+E+jzP8lngs6cu5yKbeK8JF/0GI74XoCB4+oVKO23SgjXOrmw +4lDKMYD7L9+N8/a6g29JEhwjxx+BTKjwjehQlkO0zT2ZRzEGk9LPoJY8CWiS31l0 +FHlUhO+drJygaFDqSd82hmo6oBSO81evk3Vow7po/E9UGVJY2X9nfGXS9+HlV/kW +IYOVlmQ= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem new file mode 120000 index 0000000..aa6521d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-pkinit@addom2.samba.example.com-S08-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem new file mode 120000 index 0000000..3784f3f --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-pkinit@addom2.samba.example.com-S08-private-key.pem
\ No newline at end of file |