CertPathValidator/nameConstraints/openssl.cnf

1253N/A#
2362N/A# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
1253N/A# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1253N/A#
1253N/A# This code is free software; you can redistribute it and/or modify it
1253N/A# under the terms of the GNU General Public License version 2 only, as
2362N/A# published by the Free Software Foundation.  Oracle designates this
1253N/A# particular file as subject to the "Classpath" exception as provided
2362N/A# by Oracle in the LICENSE file that accompanied this code.
1253N/A#
1253N/A# This code is distributed in the hope that it will be useful, but WITHOUT
1253N/A# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1253N/A# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
1253N/A# version 2 for more details (a copy is included in the LICENSE file that
1253N/A# accompanied this code).
1253N/A#
1253N/A# You should have received a copy of the GNU General Public License version
1253N/A# 2 along with this work; if not, write to the Free Software Foundation,
1253N/A# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
1253N/A#
2362N/A# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A# or visit www.oracle.com if you need additional information or have any
2362N/A# questions.
1253N/A#
1253N/A
1253N/A#
1253N/A# OpenSSL configuration file.
1253N/A#
1253N/A
1253N/AHOME                = .
1253N/ARANDFILE            = $ENV::HOME/.rnd
1253N/A
1253N/A[ ca ]
1253N/Adefault_ca          = CA_default
1253N/A
1253N/A[ CA_default ]
1253N/Adir                 = ./top
1253N/Acerts               = $dir/certs
1253N/Acrl_dir             = $dir/crl
1253N/Adatabase            = $dir/index.txt
1253N/Aunique_subject      = no
1253N/Anew_certs_dir       = $dir/newcerts
1253N/Acertificate         = $dir/cacert.pem
1253N/Aserial              = $dir/serial
1253N/Acrlnumber           = $dir/crlnumber
1253N/Acrl                 = $dir/crl.pem
1253N/Aprivate_key         = $dir/private/cakey.pem
1253N/ARANDFILE            = $dir/private/.rand
1253N/Ax509_extensions     = v3_ca
1253N/A
1253N/Aname_opt            = ca_default
1253N/Acert_opt            = ca_default
1253N/A
1253N/Adefault_days        = 7650
1253N/Adefault_crl_days    = 30
1253N/Adefault_md          = sha1
1253N/Apreserve            = no
1253N/A
1253N/Apolicy              = policy_anything
1253N/A
1253N/A[ ca_top ]
1253N/Adir                 = ./root
1253N/Acerts               = $dir/certs
1253N/Acrl_dir             = $dir/crl
1253N/Adatabase            = $dir/index.txt
1253N/Aunique_subject      = no
1253N/Anew_certs_dir       = $dir/newcerts
1253N/Acertificate         = $dir/cacert.pem
1253N/Aserial              = $dir/serial
1253N/Acrlnumber           = $dir/crlnumber
1253N/Acrl                 = $dir/crl.pem
1253N/Aprivate_key         = $dir/private/cakey.pem
1253N/ARANDFILE            = $dir/private/.rand
1253N/A
1253N/Ax509_extensions     = v3_ca
1253N/A
1253N/Aname_opt            = ca_default
1253N/Acert_opt            = ca_default
1253N/A
1253N/Adefault_days        = 7650
1253N/Adefault_crl_days    = 30
1253N/Adefault_md          = sha1
1253N/Apreserve            = no
1253N/A
1253N/Apolicy              = policy_anything
1253N/A
1253N/A[ ca_subca ]
1253N/Adir                 = ./subca
1253N/Acerts               = $dir/certs
1253N/Acrl_dir             = $dir/crl
1253N/Adatabase            = $dir/index.txt
1253N/Aunique_subject      = no
1253N/Anew_certs_dir       = $dir/newcerts
1253N/A
1253N/Acertificate         = $dir/cacert.pem
1253N/Aserial              = $dir/serial
1253N/Acrlnumber           = $dir/crlnumber
1253N/Acrl                 = $dir/crl.pem
1253N/Aprivate_key         = $dir/private/cakey.pem
1253N/ARANDFILE            = $dir/private/.rand
1253N/A
1253N/Ax509_extensions     = usr_cert
1253N/A
1253N/Aname_opt            = ca_default
1253N/Acert_opt            = ca_default
1253N/A
1253N/Adefault_days        = 7650
1253N/Adefault_crl_days    = 30
1253N/Adefault_md          = sha1
1253N/Apreserve            = no
1253N/A
1253N/Apolicy              = policy_anything
1253N/A
1253N/A[ policy_match ]
1253N/AcountryName         = match
1253N/AstateOrProvinceName = match
1253N/AorganizationName    = match
1253N/AorganizationalUnitName  = optional
1253N/AcommonName          = supplied
1253N/AemailAddress        = optional
1253N/A
1253N/A[ policy_anything ]
1253N/AcountryName         = optional
1253N/AstateOrProvinceName = optional
1253N/AlocalityName        = optional
1253N/AorganizationName    = optional
1253N/AorganizationalUnitName  = optional
1253N/AcommonName          = supplied
1253N/AemailAddress        = optional
1253N/A
1253N/A[ req ]
1253N/Adefault_bits        = 1024
1253N/Adefault_keyfile     = privkey.pem
1253N/Adistinguished_name  = req_distinguished_name
1253N/Aattributes          = req_attributes
1253N/Ax509_extensions     = v3_ca
1253N/A
1253N/Astring_mask = nombstr
1253N/A
1253N/A[ req_distinguished_name ]
1253N/AcountryName         = Country Name (2 letter code)
1253N/AcountryName_default = NO
1253N/AcountryName_min     = 2
1253N/AcountryName_max     = 2
1253N/A
1253N/AstateOrProvinceName = State or Province Name (full name)
1253N/AstateOrProvinceName_default  = A-State
1253N/A
1253N/AlocalityName        = Locality Name (eg, city)
1253N/A
1253N/A0.organizationName  = Organization Name (eg, company)
1253N/A0.organizationName_default   = Internet Widgits Pty Ltd
1253N/A
1253N/AorganizationalUnitName       = Organizational Unit Name (eg, section)
1253N/A
1253N/AcommonName              = Common Name (eg, YOUR name)
1253N/AcommonName_max          = 64
1253N/A
1253N/AemailAddress            = Email Address
1253N/AemailAddress_max        = 64
1253N/A
1253N/A[ req_attributes ]
1253N/AchallengePassword       = A challenge password
1253N/AchallengePassword_min   = 4
1253N/AchallengePassword_max   = 20
1253N/AunstructuredName        = An optional company name
1253N/A
1253N/A
1253N/A[ usr_cert ]
1253N/AkeyUsage                = nonRepudiation, digitalSignature, keyEncipherment
1253N/A
1253N/AsubjectKeyIdentifier    = hash
1253N/AauthorityKeyIdentifier  = keyid,issuer
1253N/A
1253N/A[ v3_req ]
1253N/AbasicConstraints        = CA:FALSE
1253N/AkeyUsage                = nonRepudiation, digitalSignature, keyEncipherment
1253N/AsubjectAltName          = email:example@openjdk.net, RID:1.2.3.4:true
1253N/A
1253N/A[ v3_ca ]
1253N/AsubjectKeyIdentifier    = hash
1253N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1253N/AbasicConstraints        = critical,CA:true
1253N/AkeyUsage                = keyCertSign
1253N/A
1253N/A[ cert_issuer ]
1253N/AsubjectKeyIdentifier    = hash
1253N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1253N/AbasicConstraints        = critical,CA:true
1253N/AkeyUsage                = keyCertSign
1253N/AnameConstraints         = excluded;RID:1.2.3.4.5
1253N/A
1253N/A[ crl_issuer ]
1253N/AsubjectKeyIdentifier    = hash
1253N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1253N/AkeyUsage                = cRLSign
1253N/A
1253N/A
1253N/A[ crl_ext ]
1253N/AauthorityKeyIdentifier  = keyid:always,issuer:always
1253N/A
1253N/A[ ee_of_subca ]
1253N/AkeyUsage    = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
1253N/A
1253N/AsubjectKeyIdentifier    = hash
1253N/AauthorityKeyIdentifier  = keyid,issuer
1253N/A
1253N/A[ alice_of_subca ]
1253N/AkeyUsage    = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
1253N/AsubjectAltName          = RID:1.2.3.4
1253N/A
1253N/AsubjectKeyIdentifier    = hash
1253N/AauthorityKeyIdentifier  = keyid,issuer
1253N/A
1253N/A[ susan_of_subca ]
1253N/AkeyUsage    = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
1253N/AsubjectAltName          = RID:1.2.3.4.5
1253N/A
1253N/AsubjectKeyIdentifier    = hash
1253N/AauthorityKeyIdentifier  = keyid,issuer