sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
1e07da1cfe
samba-mirror/third_party/heimdal/lib/hx509/data/openssl.1.1.cnf
Stefan Metzmacher 7055827b8f HEIMDAL: move code from source4/heimdal* to third_party/heimdal* 
This makes it clearer that we always want to do heimdal changes
via the lorikeet-heimdal repository.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
2022-01-19 21:41:59 +00:00

186 lines
4.1 KiB
INI
Raw Blame History

[ca]
default_ca = user
[usr]
database = index.txt
serial = serial
x509_extensions = usr_cert
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[ocsp]
database = index.txt
serial = serial
x509_extensions = ocsp_cert
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[usr_ke]
database = index.txt
serial = serial
x509_extensions = usr_cert_ke
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[usr_ds]
database = index.txt
serial = serial
x509_extensions = usr_cert_ds
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[pkinit_client]
database = index.txt
serial = serial
x509_extensions = pkinit_client_cert
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[pkinit_kdc]
database = index.txt
serial = serial
x509_extensions = pkinit_kdc_cert
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[https]
database = index.txt
serial = serial
x509_extensions = https_cert
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[subca]
database = index.txt
serial = serial
x509_extensions = v3_ca
default_md=sha1
policy = policy_match
email_in_dn = no
certs = .
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
[usr_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
[usr_cert_ke]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, keyEncipherment
subjectKeyIdentifier = hash
[proxy_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
[pkinitc_principals]
princ1 = GeneralString:bar
[pkinitc_principal_seq]
name_type = EXP:0,INTEGER:1
name_string = EXP:1,SEQUENCE:pkinitc_principals
[pkinitc_princ_name]
realm = EXP:0,GeneralString:TEST.H5L.SE
principal_name = EXP:1,SEQUENCE:pkinitc_principal_seq
[pkinit_client_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
[https_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#extendedKeyUsage = https-server XXX
subjectKeyIdentifier = hash
[pkinit_kdc_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = 1.3.6.1.5.2.3.5
subjectKeyIdentifier = hash
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name
[pkinitkdc_princ_name]
realm = EXP:0,GeneralString:TEST.H5L.SE
principal_name = EXP:1,SEQUENCE:pkinitkdc_principal_seq
[pkinitkdc_principal_seq]
name_type = EXP:0,INTEGER:1
name_string = EXP:1,SEQUENCE:pkinitkdc_principals
[pkinitkdc_principals]
princ1 = GeneralString:krbtgt
princ2 = GeneralString:TEST.H5L.SE
[proxy10_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
[usr_cert_ds]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature
subjectKeyIdentifier = hash
[ocsp_cert]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# ocsp-nocheck and kp-OCSPSigning
extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
subjectKeyIdentifier = hash
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = SE
countryName_min = 2
countryName_max = 2
organizationalName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
#[req_attributes]
#challengePassword = A challenge password
#challengePassword_min = 4
#challengePassword_max = 20
[policy_match]
countryName = match
commonName = supplied
View Git Blame Copy Permalink