diff options
Diffstat (limited to 'selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com')
9 files changed, 487 insertions, 0 deletions
diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.cer Binary files differnew file mode 100644 index 0000000..9a8d7ae --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.pem new file mode 100644 index 0000000..730b824 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.pem @@ -0,0 +1,168 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Jun 3 19:30:29 2016 GMT + Not After : May 29 19:30:29 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dd:c4:48:44:a5:e9:6b:b4:41:03:6a:dc:34:1f: + d6:41:ce:f7:cb:b2:44:a7:a3:0e:89:16:ff:0d:62: + 23:e0:8b:24:db:82:82:68:29:22:1b:57:44:12:c6: + ea:10:2d:6f:3a:4b:75:b1:2e:76:62:01:62:ff:ba: + 3d:67:e1:39:0d:12:38:b0:fc:b3:e5:0e:dd:77:73: + 2b:99:25:86:d5:15:84:08:be:b0:8b:38:d7:64:9d: + d6:e7:dc:4d:9a:fb:ea:17:41:bb:d1:cf:1a:b9:5b: + 0b:8a:e5:8c:5a:b7:2d:ab:bd:f7:c3:91:ae:26:c2: + e3:97:27:ea:3f:be:c9:22:af:d6:76:35:45:b0:72: + 86:f2:bd:bf:e2:d3:e3:e3:68:52:26:db:f0:a6:6a: + 0e:63:05:9b:17:6d:13:ee:c4:15:41:96:27:06:90: + fd:10:b5:f9:6c:74:be:b0:a8:bb:70:f7:a2:25:da: + f7:f1:91:c2:69:6c:40:c4:63:e8:06:83:e0:1d:b7: + 2b:29:d3:75:d1:df:c1:d2:90:af:b9:81:47:78:f3: + f1:1a:c9:20:e3:1b:6f:e4:fd:2e:0b:65:a7:6f:b1: + b2:a0:d3:e3:d2:2f:2b:ef:fd:01:5b:27:e7:1b:c1: + 0e:bc:bd:f0:7b:b2:34:a9:9b:4d:2c:c8:65:33:c8: + 33:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@samba.example.com + X509v3 Subject Key Identifier: + E9:67:66:B8:3D:F1:39:AB:1A:4D:00:9D:EC:CE:FF:4B:50:D8:5D:A2 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 88:3e:f3:98:08:ef:cd:53:3a:07:d5:1c:fd:26:7c:f1:96:2e: + b9:06:87:f2:5b:e2:be:d1:04:6e:38:59:14:49:9d:46:ef:7e: + 6c:08:02:3e:18:09:09:61:a8:1d:a9:da:59:40:58:5f:d2:ca: + 4f:76:0e:7e:01:db:05:03:fb:78:c7:89:86:aa:1b:dc:02:bb: + 86:a5:02:7c:01:54:dd:ad:e0:43:c5:d9:ec:86:c2:47:b5:5a: + 1c:8c:06:0e:fe:11:ad:a5:57:37:f5:0a:35:65:a4:f2:27:14: + 2f:bf:53:48:66:e1:da:b9:58:95:a2:d1:95:9c:ae:0a:ca:29: + a6:ef:7a:58:74:86:40:ea:2a:c6:18:9f:1a:d9:70:e2:a8:aa: + 8d:f1:22:bf:b6:e4:61:d4:21:ee:bf:17:e1:aa:d1:cf:0b:35: + 82:c7:3f:a1:be:d1:a5:bd:4e:04:0d:cf:11:2d:d6:0c:7e:47: + 5c:5e:84:d2:10:60:7e:97:d7:52:be:a1:cd:2d:85:da:b2:dd: + 68:88:12:a4:88:5f:16:0c:ae:6f:60:7f:da:58:5f:91:bd:8d: + 15:20:c2:74:94:0b:93:65:80:7c:77:15:a2:70:bb:98:be:41: + 1a:2e:c5:78:52:64:e7:44:03:3f:64:97:10:a9:1b:17:f3:79: + f9:51:0c:4c:58:e7:03:e7:bb:fd:34:ff:c0:4a:ad:b1:7a:ba: + 97:3c:f8:e0:9e:30:3d:e7:5f:be:ac:6a:b3:c1:1e:50:7c:cd: + ce:18:bd:96:73:fb:9c:90:e7:ae:e0:be:c5:65:29:9a:1c:da: + c3:64:2a:99:dc:93:61:32:9a:70:1a:45:83:72:38:0f:57:de: + 0d:f5:64:71:97:de:b5:64:99:43:30:6d:3f:25:82:b5:3e:a1: + ba:39:d2:fc:b8:df:7e:57:da:fc:be:c2:84:2e:99:41:52:a2: + 18:f4:99:c7:e2:b9:af:2a:84:32:5c:cb:ba:26:86:6b:8e:58: + 30:d8:4f:5b:60:34:fd:30:de:c5:a0:7a:8c:e7:34:2b:bc:81: + 6d:4c:a8:b5:ba:b5:52:b9:42:e5:d8:7e:be:31:a3:8e:b0:c3: + f6:16:28:92:e7:9d:3f:c8:cf:a0:4a:b0:3a:ae:75:59:ab:19: + 91:e4:2e:76:57:3f:58:88:5f:2e:7b:c5:8f:11:25:0f:cd:8f: + e3:91:80:2f:d4:7b:5a:80:c3:c9:7c:0a:aa:01:bf:5c:8c:0e: + 57:84:bf:72:ad:7b:0a:b9:95:27:0f:aa:9b:96:08:8e:bb:63: + 56:5a:1d:ad:0c:5b:1c:04:38:ae:2b:88:d4:d1:68:20:f2:a0: + 9b:77:9c:95:db:17:cb:cf:79:4a:13:66:c9:34:36:f6:c6:f9: + 8b:4b:92:5e:59:a3:5d:75:4e:fa:f2:fa:d5:d9:66:80:82:a4: + 8d:e2:d8:b6:ed:c5:a3:ca:a2:70:64:9c:b9:1c:49:b2:2f:46: + b3:13:3b:88:a7:5a:8e:22:b7:90:f5:74:27:21:06:a4:94:bb: + b1:cb:e7:e4:92:f0:e9:80:15:94:82:1a:97:34:d0:cf:aa:37: + b1:27:a5:38:39:7c:8d:ba:a1:12:dd:30:48:44:90:0c:35:0f: + cc:e6:13:e7:c9:06:36:1d:b0:c9:be:28:0f:47:1c:b0:47:a3: + 20:d1:bb:a1:85:1a:80:c2:9b:70:61:9f:a7:82:46:3c:80:28: + 0c:17:f6:fc:75:83:be:ff:5c:da:bc:be:2c:65:a6:c0:fc:c1: + 32:ae:9a:bf:d1:7c:fb:b3:26:3b:77:03:fe:a9:e9:ae:4c:72: + 58:a9:6e:ce:ad:c0:1f:30:b2:06:32:65:af:5f:db:3d:2b:ab: + c5:46:5c:0a:df:50:b5:7e:31:c8:b0:7e:50:e2:aa:d8:01:8e: + ea:e7:3c:8b:90:73:de:77:9f:47:ea:af:16:0d:a5:c0:89:6f: + 86:a4:84:f7:1f:03:fd:7d:f8:a8:7d:9c:9a:f1:13:c8:d5:5b: + 9c:2f:71:c1:c0:c2:17:89:39:6d:28:2d:20:31:ca:60:cf:7f: + 78:42:5c:a3:28:76:19:a8:ca:e6:07:22:6d:7f:04:b1:20:ab: + 70:40:33:e9:a3:fa:da:b5:7c:ee:70:0b:c6:a2:6a:90:1a:10: + fe:8a:9b:56:5c:44:85:f1:b4:41:67:0b:c1:a3:68:2f:ff:b1: + 48:f3:38:4b:28:4e:52:36:0c:9b:37:aa:7e:82:63:c3:61:33: + a9:05:b3:af:13:07:b3:9e:4d:4c:3c:c4:47:34:ce:f3:6e:55: + 69:d7:af:dc:e4:82:34:9b:fe:cc:d9:db:1f:08:3e:3c:3a:9b: + ac:a7:7e:61:3f:5f:01:0c:d8:f3:63:31:31:07:e2:05:84:30: + 65:f4:b0:a6:cc:ad:63:fe:06:db:d7:e9:2f:9d:db:2c:64:af: + d6:d1:cc:9e:c3:11:09:ad:7d:e2:06:6d:21:ad:a5:4f:a6:87: + 9b:ee:db:6c:e9:69:a7:6a:eb:93:67:e2:e9:6f:23:f8:2e:95: + 78:5f:a8:66:ae:7e:2c:5e:6b:07:3e:02:ad:20:af:61:9c:0e: + 1d:c6:7a:31:5a:33:bd:61:1a:67:5b:a9:42:3c:17:67:f8:dd: + 80:e3:ab:62:a0:42:53:33:1f:f7:79:ea:32:d1:26:dd:bb:c6: + 26:aa:2c:ac:16:7e:24:b4:ae:7d:ce:77:e8:5f:2d:97 +-----BEGIN CERTIFICATE----- +MIII2jCCBMKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2 +MDMxOTMwMjlaFw0zNjA1MjkxOTMwMjlaMIGZMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxITAfBgNVBAMMGHBraW5pdEBzYW1iYS5leGFtcGxlLmNvbTEnMCUG +CSqGSIb3DQEJARYYcGtpbml0QHNhbWJhLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cRIRKXpa7RBA2rcNB/WQc73y7JEp6MOiRb/ +DWIj4Isk24KCaCkiG1dEEsbqEC1vOkt1sS52YgFi/7o9Z+E5DRI4sPyz5Q7dd3Mr +mSWG1RWECL6wizjXZJ3W59xNmvvqF0G70c8auVsLiuWMWrctq733w5GuJsLjlyfq +P77JIq/WdjVFsHKG8r2/4tPj42hSJtvwpmoOYwWbF20T7sQVQZYnBpD9ELX5bHS+ +sKi7cPeiJdr38ZHCaWxAxGPoBoPgHbcrKdN10d/B0pCvuYFHePPxGskg4xtv5P0u +C2Wnb7GyoNPj0i8r7/0BWyfnG8EOvL3we7I0qZtNLMhlM8gzFwIDAQABo4IB/DCC +AfgwCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vd3d3LnNhbWJh +LmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAR +BglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMEgGCWCGSAGG+EIBDQQ7FjlT +bWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2luaXRAc2FtYmEuZXhh +bXBsZS5jb20wHQYDVR0OBBYEFOlnZrg98TmrGk0AnezO/0tQ2F2iMB8GA1UdIwQY +MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+ME0GA1UdEQRGMESBGHBraW5pdEBzYW1i +YS5leGFtcGxlLmNvbaAoBgorBgEEAYI3FAIDoBoMGHBraW5pdEBzYW1iYS5leGFt +cGxlLmNvbTAxBgNVHRIEKjAogSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5l +eGFtcGxlLmNvbTBNBglghkgBhvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFt +cGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0l +BBgwFgYIKwYBBQUHAwIGCisGAQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAIg+ +85gI781TOgfVHP0mfPGWLrkGh/Jb4r7RBG44WRRJnUbvfmwIAj4YCQlhqB2p2llA +WF/Syk92Dn4B2wUD+3jHiYaqG9wCu4alAnwBVN2t4EPF2eyGwke1WhyMBg7+Ea2l +Vzf1CjVlpPInFC+/U0hm4dq5WJWi0ZWcrgrKKabvelh0hkDqKsYYnxrZcOKoqo3x +Ir+25GHUIe6/F+Gq0c8LNYLHP6G+0aW9TgQNzxEt1gx+R1xehNIQYH6X11K+oc0t +hdqy3WiIEqSIXxYMrm9gf9pYX5G9jRUgwnSUC5NlgHx3FaJwu5i+QRouxXhSZOdE +Az9klxCpGxfzeflRDExY5wPnu/00/8BKrbF6upc8+OCeMD3nX76sarPBHlB8zc4Y +vZZz+5yQ567gvsVlKZoc2sNkKpnck2EymnAaRYNyOA9X3g31ZHGX3rVkmUMwbT8l +grU+obo50vy4335X2vy+woQumUFSohj0mcfiua8qhDJcy7omhmuOWDDYT1tgNP0w +3sWgeoznNCu8gW1MqLW6tVK5QuXYfr4xo46ww/YWKJLnnT/Iz6BKsDqudVmrGZHk +LnZXP1iIXy57xY8RJQ/Nj+ORgC/Ue1qAw8l8CqoBv1yMDleEv3Ktewq5lScPqpuW +CI67Y1ZaHa0MWxwEOK4riNTRaCDyoJt3nJXbF8vPeUoTZsk0NvbG+YtLkl5Zo111 +Tvry+tXZZoCCpI3i2LbtxaPKonBknLkcSbIvRrMTO4inWo4it5D1dCchBqSUu7HL +5+SS8OmAFZSCGpc00M+qN7EnpTg5fI26oRLdMEhEkAw1D8zmE+fJBjYdsMm+KA9H +HLBHoyDRu6GFGoDCm3Bhn6eCRjyAKAwX9vx1g77/XNq8vixlpsD8wTKumr/RfPuz +Jjt3A/6p6a5Mclipbs6twB8wsgYyZa9f2z0rq8VGXArfULV+MciwflDiqtgBjurn +PIuQc953n0fqrxYNpcCJb4akhPcfA/19+Kh9nJrxE8jVW5wvccHAwheJOW0oLSAx +ymDPf3hCXKModhmoyuYHIm1/BLEgq3BAM+mj+tq1fO5wC8aiapAaEP6Km1ZcRIXx +tEFnC8GjaC//sUjzOEsoTlI2DJs3qn6CY8NhM6kFs68TB7OeTUw8xEc0zvNuVWnX +r9zkgjSb/szZ2x8IPjw6m6ynfmE/XwEM2PNjMTEH4gWEMGX0sKbMrWP+BtvX6S+d +2yxkr9bRzJ7DEQmtfeIGbSGtpU+mh5vu22zpaadq65Nn4ulvI/gulXhfqGaufixe +awc+Aq0gr2GcDh3GejFaM71hGmdbqUI8F2f43YDjq2KgQlMzH/d56jLRJt27xiaq +LKwWfiS0rn3Od+hfLZc= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-key.pem new file mode 100644 index 0000000..44f2dca --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI3lMKoRxwFl4CAggA +MBQGCCqGSIb3DQMHBAh3N+m1jtZvYgSCBMjc0ubJOkfSna22cqDmoGRkN/3T/nfk +zjaeXgq95J/FKJjrDL8t+ywAM/Xrs5CIRraaiJQ2ddYy6ViaKsoK00lVxx1zelFA +7HZke3gXQnmJEXxnb2cCJhYwX5ElT/QoSgxh9cLuLnw/4HVp4K0wCAjmCkYtCc32 +HvqCJJU2Gj97rVMr43jz/GISBKdFtzBSP059SRNgutczONs4zBV3YZNYMOO+GZWF +Gt46vy0rzEgEku9PdNSBG48j2VCidj6VzJSDzrS8gMcNVd65quzCoCLoaUZ+Xgf0 +T28rwElhRe0Khji1fW2KyeyMNwtivKZPVOzOkS4gdmRZq64WdZBSC0yL4VepXXML +wUtPORgYZ0VkkLZHJ5exLQJESQz68CX9kiryoZgDbZMcYzDBI4lkFwtqRTKRbmM+ +K4VPVxqWREAmnMPBfdDBRKi0yml2Y53Eq5PAhCqkhbFe5JiZ5OGlwGY+zPiFZ+65 +EYHTcjCW1NIY1GTKYp7AYQ0JX4tNqFQon+9GLmowODQeW0DkcCKabHNTNUnCwW0d +qxyzC+gUEMCas1ZjVlkxeTEzYm7820DierzEc2pdvWRm6p8EHlFOboD65HpxpG4h +wYbe2ctNoB0gpaFDgaEsECxJ6ZxkMk2x39UPlAawkVshGs9W8StIxHgSUv4H9T/S +9SAiQKQOGOpyj0V+zfq6IW/XXK+lbV5CRSYwSAmC1JuEeR8Hy6guPmjNC4Otp/5j +NjiYDHWtQKvnYJDZOZraW1QqHlrwB6SNt3EAWYHR+d/OOPedeUh/WvtT7brnPu1Z +fQPkQLJtKyvG6rkNvAJl3Zl67cz3D3G1J/MSpFXc4dUcTKfldR5uSQSpVqFEWqmw +hgBxsv7OI0c/NMFt1JmUpQTMxhFqLKCjwVI9LZgJfl+EFPI5PCJY7mHBMfhDgZek +epAS7V+zaVOXZw41unk8HGgTx+u64g5cM8QEfs23RSu8t2122p7q4n1qgZ9pWtQZ +hwxhqvI4I4fnFVqgBRih9xQ3Vg/jCCtRLEPtrtlYYHGhejZ+6oSNN11aacOoVoBj +15rdwA45ch/W62ktHwvjoE8welXUOmjLLYh3zZH0tqdwOMDv0MRAjC0k4tACYClC +TqHipCjqead5vZRM40hCzE70AB4pLm6utAseJb8C/EweqlbhBaYqqPFZo/GdqD8s +9hQ3NU29ynrtIeuj359y9gLQU4Tc+dU8f6bxTE5IKrTwk552695lODKb5R4J1rN9 +weY1fcXWCHPiVJhmFnWo11nNPt7vS+m0eUCVdAAOdPoZwBLswTD6wCxquXXLi7wR +1a4vA8inf/nV+8kHebyhrQdS3uekqQZbPbfE545csLXnJdb+N418q/Vxw9lIH+N0 +90GeOdWGM34fXRzrPFlDSW5IhKDSR8+4tU71Fq4kwI1Z1AFN4oJUgcRRNm/fdd3w +V1PLnYYpTIFpunuerCDqYtHiIh2uwtWUWzPgIK7mm/UV5VSDsWTYktPlkTxEAwzm +ktuharKIvzLA13p5PXBHpjv27wJjgs6kPuWgBpG1IosC4nDq2355lBLqFSgK1pUt +Px6tls4RkaOTk8+t6J6W2ZeaF4Nu7kG6qnTqUuBkshcqcS3A53i2m0O/ug7n3vfU +QHM= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-openssl.cnf new file mode 100644 index 0000000..3ece25f --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = pkinit@samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = pkinit@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for pkinit@samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:pkinit@samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private-key.pem new file mode 100644 index 0000000..5492ba3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA3cRIRKXpa7RBA2rcNB/WQc73y7JEp6MOiRb/DWIj4Isk24KC +aCkiG1dEEsbqEC1vOkt1sS52YgFi/7o9Z+E5DRI4sPyz5Q7dd3MrmSWG1RWECL6w +izjXZJ3W59xNmvvqF0G70c8auVsLiuWMWrctq733w5GuJsLjlyfqP77JIq/WdjVF +sHKG8r2/4tPj42hSJtvwpmoOYwWbF20T7sQVQZYnBpD9ELX5bHS+sKi7cPeiJdr3 +8ZHCaWxAxGPoBoPgHbcrKdN10d/B0pCvuYFHePPxGskg4xtv5P0uC2Wnb7GyoNPj +0i8r7/0BWyfnG8EOvL3we7I0qZtNLMhlM8gzFwIDAQABAoIBAQCgUBQuDAIBafzV +i5pD0//+8q8PAX+/74/Cam1WL2vgFrY+OMosog+V1C/RoxnxN+cALSyXOQ87KeV3 +GBrrzVSArnts9kDVhTlz8D3EJ+ygfT1FVRQqkJykj7WbRxaSwykmRs6PjTe0Zqyh +a+9aZLEPRfSl29oZCymbS697BWBBQaKT/KKbVct9ViJhr8LjXjRYu1HGJuBY/kl4 +NFJFnmgL9KDlbkh9kNxVdLU1P4Ln9Yur13aV2OnVKkbgeTxFSsQrQbnyRjjtEtpE +ePTimmtbE8Epvd8BM8Pq1geD7NlBH1+Nmi+1mD3r0YNqnvRcqCpEWDS9dL/Mgs4B +/OgjX90BAoGBAP1VQLWZBgy1aSu7AIUtdAFsxmU6ecjh4ISczoHOe7b6xITEWYtB +S3ai7gA0+g/iPiKzIAVmyI5/pWBa/h8UnMFm5UoZYSBtI2o8nRAxMnlXJ3Ny7OM5 +QBluT0uEKtj7N/KEpbe61hNH7sVoyq+RJgGCGq9bbxZjAdlqgdkN0w7ZAoGBAOAZ +9N+Aru0f1vU0b9U6Dh/XTvtgOFd9AJbrXyQZRqbYQguYgWB0aZfDH3TarGDRbIf/ +/Alhoo7gatIstDgjDxk8GuhOFvlimNrf8RC6oTXDvPLnwekdAL7/fMOyFsTegxWL +1J305SNa8FL3G0Fr2HxCUa0UoCk/wVau78atpvtvAoGAEYmqXigG1DBm5IEgqxeX +dVXLckyXC8IfYe7dGP1rcSJxImPZcxuFFuR2p4sDWMAn3w0ZhWY1MjBCCaai+xHZ +PEZcT0HsiGslzX/+u5U8UkwnTgXBwoU/G8OYN7khoj3aBK8MLekAUvti20XC6l6Z +C/eu0z74NMuL4DpQXO9pEhkCgYBNtfKKRo9iPvZFlWdqY3VeaUVEOjuPaxN3Qit9 +0x4C4V8Vsk666eNr8wfHd8Tq1fRyvLvjbO336a5hL4tXJCEqOQODpwCkfiJPU/S+ +PlmE0VmGSgOeGKaXlPToz6rBnf+KyzBxjeifd/t6aaIT75fkjwLPqCVZ6Hfc3VDc +bn9HFQKBgF8+kghkOG15fchOAaqRq+nqmfJNKQPf9VxGBF+LPaXJdK1XOjnfUIxd +wVkPpic5HfAbZfYCChSPYWV07s3V7Muqz5mJ/TxijMVjLwRZQqcXNqA9rufoaz7i +3lHgGTaPLBVnz06lPMHTuyXid+QK3xHsFeT+NQ2NSfRucTCTnSJ3 +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private.p12 Binary files differnew file mode 100644 index 0000000..f83f831 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-req.pem new file mode 100644 index 0000000..72e7383 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-req.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC8zCCAdsCAQAwga0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMSEwHwYDVQQDDBhwa2luaXRAc2FtYmEuZXhhbXBsZS5j +b20xJzAlBgkqhkiG9w0BCQEWGHBraW5pdEBzYW1iYS5leGFtcGxlLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3ESESl6Wu0QQNq3DQf1kHO98uy +RKejDokW/w1iI+CLJNuCgmgpIhtXRBLG6hAtbzpLdbEudmIBYv+6PWfhOQ0SOLD8 +s+UO3XdzK5klhtUVhAi+sIs412Sd1ufcTZr76hdBu9HPGrlbC4rljFq3Lau998OR +ribC45cn6j++ySKv1nY1RbByhvK9v+LT4+NoUibb8KZqDmMFmxdtE+7EFUGWJwaQ +/RC1+Wx0vrCou3D3oiXa9/GRwmlsQMRj6AaD4B23KynTddHfwdKQr7mBR3jz8RrJ +IOMbb+T9Lgtlp2+xsqDT49IvK+/9AVsn5xvBDry98HuyNKmbTSzIZTPIMxcCAwEA +AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAS1xXnu2962UGX+uGRd546a81d3UBr6fbe +0fFemBBdXqLcOS7dIksjrn0Nuf+L9RFBFX8J+j5W769GvbctoVriuyC6BUU6UmKd +WMUgg6DpqhqOUW9Ze7bnHJc7JKwsgUQCmK1lEveS2ZyA9eUMOB4Wt6w+Fa4aJ51u +vm590qbs5gmeWHMTE7svG0oxwoT0bhT95sKSlfbuMM5v9XS72ZNkkcmmg/i0/Kpw +XXevmng9bVtZS4ajyGyFMQ45u5OauJwYJDFOjOqzo+YyglCyyrj5XJBYy7aajRPz +Bre7Pub8WwLFJyw6Chc++8VSgqBXN57RS64eSY58ChNyQYcj8vB2 +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-cert.pem new file mode 120000 index 0000000..e8fe413 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-pkinit@samba.example.com-S04-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-private-key.pem new file mode 120000 index 0000000..53e9e41 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-pkinit@samba.example.com-S04-private-key.pem
\ No newline at end of file |