openssl.cnf 1.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142
  1. #
  2. # openssl configuration file for OCSP certificates
  3. #
  4. # Extensions to add to a certificate request (intermediate1-ca)
  5. [ v3_req1 ]
  6. basicConstraints = CA:false
  7. subjectKeyIdentifier = hash
  8. authorityKeyIdentifier = keyid:always,issuer:always
  9. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  10. authorityInfoAccess = OCSP;URI:http://127.0.0.1:22221
  11. # Extensions to add to a certificate request (intermediate2-ca)
  12. [ v3_req2 ]
  13. basicConstraints = CA:false
  14. subjectKeyIdentifier = hash
  15. authorityKeyIdentifier = keyid:always,issuer:always
  16. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  17. authorityInfoAccess = OCSP;URI:http://127.0.0.1:22222
  18. # Extensions to add to a certificate request (intermediate3-ca)
  19. [ v3_req3 ]
  20. basicConstraints = CA:false
  21. subjectKeyIdentifier = hash
  22. authorityKeyIdentifier = keyid:always,issuer:always
  23. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  24. authorityInfoAccess = OCSP;URI:http://127.0.0.1:22223
  25. # Extensions for a typical CA
  26. [ v3_ca ]
  27. basicConstraints = CA:true
  28. subjectKeyIdentifier = hash
  29. authorityKeyIdentifier = keyid:always,issuer:always
  30. keyUsage = keyCertSign, cRLSign
  31. authorityInfoAccess = OCSP;URI:http://127.0.0.1:22220
  32. # OCSP extensions.
  33. [ v3_ocsp ]
  34. basicConstraints = CA:false
  35. subjectKeyIdentifier = hash
  36. authorityKeyIdentifier = keyid:always,issuer:always
  37. extendedKeyUsage = OCSPSigning