CertPathValidator/indirectCRL/openssl.cnf

1251N/A#
2362N/A# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
1251N/A# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1251N/A#
1251N/A# This code is free software; you can redistribute it and/or modify it
1251N/A# under the terms of the GNU General Public License version 2 only, as
2362N/A# published by the Free Software Foundation.  Oracle designates this
1251N/A# particular file as subject to the "Classpath" exception as provided
2362N/A# by Oracle in the LICENSE file that accompanied this code.
1251N/A#
1251N/A# This code is distributed in the hope that it will be useful, but WITHOUT
1251N/A# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1251N/A# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
1251N/A# version 2 for more details (a copy is included in the LICENSE file that
1251N/A# accompanied this code).
1251N/A#
1251N/A# You should have received a copy of the GNU General Public License version
1251N/A# 2 along with this work; if not, write to the Free Software Foundation,
1251N/A# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
1251N/A#
2362N/A# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A# or visit www.oracle.com if you need additional information or have any
2362N/A# questions.
1251N/A#
1251N/A
1251N/A#
1251N/A# OpenSSL configuration file.
1251N/A#
1251N/A
1251N/AHOME                = .
1251N/ARANDFILE            = $ENV::HOME/.rnd
1251N/A
1251N/A[ ca ]
1251N/Adefault_ca          = CA_default
1251N/A
1251N/A[ CA_default ]
1251N/Adir                 = ./top
1251N/Acerts               = $dir/certs
1251N/Acrl_dir             = $dir/crl
1251N/Adatabase            = $dir/index.txt
1251N/Aunique_subject      = no
1251N/Anew_certs_dir       = $dir/newcerts
1251N/Acertificate         = $dir/cacert.pem
1251N/Aserial              = $dir/serial
1251N/Acrlnumber           = $dir/crlnumber
1251N/Acrl                 = $dir/crl.pem
1251N/Aprivate_key         = $dir/private/cakey.pem
1251N/ARANDFILE            = $dir/private/.rand
1251N/Ax509_extensions     = v3_ca
1251N/A
1251N/Aname_opt            = ca_default
1251N/Acert_opt            = ca_default
1251N/A
1251N/Adefault_days        = 7650
1251N/Adefault_crl_days    = 30
1251N/Adefault_md          = sha1
1251N/Apreserve            = no
1251N/A
1251N/Apolicy              = policy_anything
1251N/A
1251N/A[ ca_top ]
1251N/Adir                 = ./root
1251N/Acerts               = $dir/certs
1251N/Acrl_dir             = $dir/crl
1251N/Adatabase            = $dir/index.txt
1251N/Aunique_subject      = no
1251N/Anew_certs_dir       = $dir/newcerts
1251N/Acertificate         = $dir/cacert.pem
1251N/Aserial              = $dir/serial
1251N/Acrlnumber           = $dir/crlnumber
1251N/Acrl                 = $dir/crl.pem
1251N/Aprivate_key         = $dir/private/cakey.pem
1251N/ARANDFILE            = $dir/private/.rand
1251N/A
1251N/Ax509_extensions     = v3_ca
1251N/A
1251N/Aname_opt            = ca_default
1251N/Acert_opt            = ca_default
1251N/A
1251N/Adefault_days        = 7650
1251N/Adefault_crl_days    = 30
1251N/Adefault_md          = sha1
1251N/Apreserve            = no
1251N/A
1251N/Apolicy              = policy_anything
1251N/A
1251N/A[ ca_subca ]
1251N/Adir                 = ./subca
1251N/Acerts               = $dir/certs
1251N/Acrl_dir             = $dir/crl
1251N/Adatabase            = $dir/index.txt
1251N/Aunique_subject      = no
1251N/Anew_certs_dir       = $dir/newcerts
1251N/A
1251N/Acertificate         = $dir/cacert.pem
1251N/Aserial              = $dir/serial
1251N/Acrlnumber           = $dir/crlnumber
1251N/Acrl                 = $dir/crl.pem
1251N/Aprivate_key         = $dir/private/cakey.pem
1251N/ARANDFILE            = $dir/private/.rand
1251N/A
1251N/Ax509_extensions     = usr_cert
1251N/A
1251N/Aname_opt            = ca_default
1251N/Acert_opt            = ca_default
1251N/A
1251N/Adefault_days        = 7650
1251N/Adefault_crl_days    = 30
1251N/Adefault_md          = sha1
1251N/Apreserve            = no
1251N/A
1251N/Apolicy              = policy_anything
1251N/A
1251N/A[ policy_match ]
1251N/AcountryName         = match
1251N/AstateOrProvinceName = match
1251N/AorganizationName    = match
1251N/AorganizationalUnitName  = optional
1251N/AcommonName          = supplied
1251N/AemailAddress        = optional
1251N/A
1251N/A[ policy_anything ]
1251N/AcountryName         = optional
1251N/AstateOrProvinceName = optional
1251N/AlocalityName        = optional
1251N/AorganizationName    = optional
1251N/AorganizationalUnitName  = optional
1251N/AcommonName          = supplied
1251N/AemailAddress        = optional
1251N/A
1251N/A[ req ]
1251N/Adefault_bits        = 1024
1251N/Adefault_keyfile     = privkey.pem
1251N/Adistinguished_name  = req_distinguished_name
1251N/Aattributes          = req_attributes
1251N/Ax509_extensions     = v3_ca
1251N/A
1251N/Astring_mask = nombstr
1251N/A
1251N/A[ req_distinguished_name ]
1251N/AcountryName         = Country Name (2 letter code)
1251N/AcountryName_default = NO
1251N/AcountryName_min     = 2
1251N/AcountryName_max     = 2
1251N/A
1251N/AstateOrProvinceName = State or Province Name (full name)
1251N/AstateOrProvinceName_default  = A-State
1251N/A
1251N/AlocalityName        = Locality Name (eg, city)
1251N/A
1251N/A0.organizationName  = Organization Name (eg, company)
1251N/A0.organizationName_default   = Internet Widgits Pty Ltd
1251N/A
1251N/AorganizationalUnitName       = Organizational Unit Name (eg, section)
1251N/A
1251N/AcommonName              = Common Name (eg, YOUR name)
1251N/AcommonName_max          = 64
1251N/A
1251N/AemailAddress            = Email Address
1251N/AemailAddress_max        = 64
1251N/A
1251N/A[ req_attributes ]
1251N/AchallengePassword       = A challenge password
1251N/AchallengePassword_min   = 4
1251N/AchallengePassword_max   = 20
1251N/AunstructuredName        = An optional company name
1251N/A
1251N/A
1251N/A[ usr_cert ]
1251N/AkeyUsage                = nonRepudiation, digitalSignature, keyEncipherment
1251N/A
1251N/AsubjectKeyIdentifier    = hash
1251N/AauthorityKeyIdentifier  = keyid,issuer
1251N/A
1251N/A[ v3_req ]
1251N/AbasicConstraints        = CA:FALSE
1251N/AkeyUsage                = nonRepudiation, digitalSignature, keyEncipherment
1251N/AsubjectAltName          = email:example@openjdk.net, RID:1.2.3.4:true
1251N/A
1251N/A[ v3_ca ]
1251N/AsubjectKeyIdentifier    = hash
1251N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1251N/AbasicConstraints        = critical,CA:true
1251N/AkeyUsage                = keyCertSign
1251N/A
1251N/A[ cert_issuer ]
1251N/AsubjectKeyIdentifier    = hash
1251N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1251N/AbasicConstraints        = critical,CA:true
1251N/AkeyUsage                = keyCertSign
1251N/A
1251N/A
1251N/A[ crl_issuer ]
1251N/AsubjectKeyIdentifier    = hash
1251N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1251N/AkeyUsage                = cRLSign
1251N/A
1251N/A
1251N/A[ crl_ext ]
1251N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1251N/A
1251N/A[ ee_of_subca ]
1251N/AkeyUsage    = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
1251N/A
1251N/AsubjectKeyIdentifier    = hash
1251N/AauthorityKeyIdentifier  = keyid,issuer