- # Settings shared by the test cases. In OpenSSL config files a name that is
- # not found in the selected section is looked up in the default section
- # (presumably this one — confirm how the test harness selects sections).
- [default]
- batch = 1 # do not use stdin
- total_timeout = 8 # prevent, e.g., infinite polling due to error
- # certificate(s) trusted when validating the server's CMP message protection
- trusted = trusted.crt
- newkey = new.key
- # empty: no pass phrase source is given for new.key
- newkeypass =
- # default CMP command: ir (initialization request)
- cmd = ir
- # trust anchor(s) used to validate the newly enrolled certificate
- out_trusted = root.crt
- #certout = test.cert.pem
- # names the [certificatePolicies] section defined further down in this file
- policies = certificatePolicies
- #policy_oids = 1.2.3.4
- #policy_oids_critical = 1
- #verbosity = 7
- ############################# server configurations
- # The secrets in this section use the literal `pass:` source, so they are
- # readable by anyone who can read this file. That is fine for fixtures; a
- # config used outside a test tree would take them from OpenSSL's env:, file:
- # or fd: pass phrase sources instead.
- [Mock] # the built-in OpenSSL CMP mock server
- # suppresses the certificate validity-period check against the current time;
- # presumably so that static test certificates keep verifying — test-only
- no_check_time = 1
- server_host = 127.0.0.1 # localhost
- # server_port = 0 means that the port is determined by the server
- server_port = 0
- # TLS, KUR and PBM variants below all reuse the one mock-server port
- server_tls = $server_port
- server_cert = server.crt
- server = $server_host:$server_port
- server_path = pkix/
- path = $server_path
- ca_dn = /O=openssl_cmp
- recipient = $ca_dn
- server_dn = /O=openssl_cmp
- # the sender of each response must match this DN
- expect_sender = $server_dn
- subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
- newkey = signer.key
- out_trusted = signer_root.crt
- kur_port = $server_port
- pbm_port = $server_port
- # password-based MAC (PBM) credentials: empty reference, fixture secret
- pbm_ref =
- pbm_secret = pass:test
- # signature-based protection: client certificate plus PKCS#12 key store,
- # unlocked with a fixture pass phrase
- cert = signer.crt
- key = signer.p12
- keypass = pass:12345
- # 0 keeps key usage restrictions of CMP signer certificates enforced
- ignore_keyusage = 0
- # NOTE(review): column and sleep are not explained on this page; presumably
- # they are read by the test harness rather than the CMP client — confirm
- column = 0
- sleep = 0
- ############################# aspects
- # The aspect sections assign empty values; per the note on the TLS options
- # below, an empty assignment puts an option back to its default.
- [connection]
- msg_timeout = 5
- # empty here, unlike the 8 seconds set in [default]
- total_timeout =
- # reset any TLS options to default:
- tls_used =
- tls_cert =
- tls_key =
- tls_keypass =
- tls_trusted =
- tls_host =
- # Same TLS reset as in [connection], and the server address is blanked too,
- # presumably so that each TLS test case has to name its own endpoint — confirm.
- [tls]
- server =
- tls_used =
- tls_cert =
- tls_key =
- tls_keypass =
- tls_trusted =
- tls_host =
- # Blanks every client credential option: ref/secret for password-based MAC,
- # cert/key/keypass for signature-based protection. Presumably each test case
- # then supplies only the credentials it exercises — confirm against the harness.
- [credentials]
- ref =
- secret =
- cert =
- key =
- keypass =
- extracerts =
- digest =
- unprotected_requests =
- # Blanks the options used to verify server responses.
- # expect_sender and unprotected_errors are commented out, so this section
- # does not blank them; a value assigned elsewhere (e.g. expect_sender in
- # [Mock]) is presumably left in effect — confirm.
- [verification]
- #expect_sender =
- srvcert =
- trusted =
- untrusted =
- #unprotected_errors =
- extracertsout =
- # Blanks the command selection and the per-command input/output options.
- [commands]
- cmd =
- certout =
- cacertsout =
- infotype =
- oldcert =
- revreason =
- geninfo =
- # Blanks the enrollment options. subject and popo are commented out, so this
- # section does not blank them.
- [enrollment]
- cmd =
- newkey =
- newkeypass =
- #subject =
- issuer =
- days =
- reqexts =
- sans =
- san_nodefault = 0
- #popo =
- # both 0: implicit confirmation is not requested and the certificate
- # confirmation exchange is not disabled
- implicit_confirm = 0
- disable_confirm = 0
- certout =
- out_trusted =
- oldcert =
- csr =
- ############################# extra cert template contents
- # Referenced by `policies = certificatePolicies` in [default]; the extension
- # is marked critical and takes its policy from [pkiPolicy].
- [certificatePolicies]
- certificatePolicies = "critical, @pkiPolicy"
- [pkiPolicy]
- policyIdentifier = 1.2.3.4
- # Extensions requested for an end-entity certificate: not a CA, key usage
- # limited to digitalSignature and extended key usage limited to clientAuth.
- # The trailing comments list further usages that are not requested.
- [reqexts]
- basicConstraints = CA:FALSE
- #basicConstraints = critical, CA:TRUE
- keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation
- extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning
- #crlDistributionPoints = URI:http:
- #authorityInfoAccess = URI:http:
- subjectAltName = @alt_names
- # Subject alternative names for [reqexts]: loopback and private-range
- # sample values only.
- [alt_names]
- DNS.0 = localhost
- IP.0 = 127.0.0.1
- IP.1 = 192.168.1.1
- URI.0 = http://192.168.0.2
- # Request extensions whose subjectAltName list comes from [alt_names_3].
- [reqexts_invalidkey]
- subjectAltName = @alt_names_3
- # DNS.1 and DNS.2 are punycode (xn--) internationalized names.
- # NOTE(review): DNS__3 does not follow the DNS.N form of the other entries;
- # given the section name this is presumably a deliberate malformed key for a
- # negative test, so it should not be "corrected" — confirm.
- [alt_names_3]
- DNS.0 = localhost
- DNS.1 = xn--rksmrgs-5wao1o.example.com
- DNS.2 = xn--rkmacka-5wa.example.com
- DNS__3 = xn--rksallad-0za.example.com