Mercurial Mercurial > oss > MCL > sf > os > security / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/testcertificates/openssl/openssl.config
author andy simpson <andrews@symbian.org>
Fri, 08 Jan 2010 16:25:14 +0000
changeset 32 ba2bce746d00
parent 8 35751d3474b7
permissions -rw-r--r--
Added tag PDK_3.0.e for changeset c0e7917aa107

# openssl.config
#
# Config file for OpenSSL CA

[ ca ]

default_ca      = ca_default            # The default ca section

[ Root1 ]

dir            = Root1
database       = $dir\\index.txt         # index file.
new_certs_dir  = $dir\\certs             # new certs dir

certificate    = $dir\\certs\\ca.pem        # The CA cert
serial         = $dir\\serial            # serial no file
private_key    = $dir\\private\\ca.key.pem # CA private key
RANDFILE       = $dir\\private\\.rand     # random number file

default_days   = 365                    # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md     = md5                    # md to use

policy         = ca_policy              # our policy
email_in_dn    = no                     # Don't add the email into cert DN

nameopt        = default_ca             # Subject name display option
certopt        = default_ca             # Certificate display option
copy_extensions = none                  # Don't copy extensions from request

distinguished_name      = root_ca_distinguished_name


[ Root2 ]

dir            = Root2
database       = $dir\\index.txt         # index file.
new_certs_dir  = $dir\\certs             # new certs dir

certificate    = $dir\\certs\\ca.pem        # The CA cert
serial         = $dir\\serial            # serial no file
private_key    = $dir\\private\\ca.key.pem # CA private key
RANDFILE       = $dir\\private\\.rand     # random number file
				 
default_days   = 365                    # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md     = sha1                    # md to use

policy         = ca_policy              # our policy
email_in_dn    = no                     # Don't add the email into cert DN

nameopt        = default_ca             # Subject name display option
certopt        = default_ca             # Certificate display option
copy_extensions = none                  # Don't copy extensions from request


[ Root5]

dir            = Root5
database       = $dir\\index.txt         # index file.
new_certs_dir  = $dir\\certs             # new certs dir

certificate    = $dir\\certs\\ca.pem        # The CA cert
serial         = $dir\\serial            # serial no file
private_key    = $dir\\private\\ca.key.pem # CA private key
RANDFILE       = $dir\\private\\.rand     # random number file

default_days   = 365                    # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md     = md5                    # md to use

policy         = ca_policy              # our policy
email_in_dn    = no                     # Don't add the email into cert DN

nameopt        = default_ca             # Subject name display option
certopt        = default_ca             # Certificate display option
copy_extensions = none                  # Don't copy extensions from request


[ Root5-Mid ]
dir            = Root5-Mid
database       = $dir\\index.txt         # index file.
new_certs_dir  = $dir\\certs             # new certs dir

certificate    = $dir\\certs\\Mid-R5.pem        # The CA cert
serial         = $dir\\serial            # serial no file
private_key    = $dir\\private\\Mid-R5.key.pem # CA private key
RANDFILE       = $dir\\private\\.rand     # random number file

default_days   = 365                    # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md     = md5                    # md to use

policy         = ca_policy              # our policy
email_in_dn    = no                     # Don't add the email into cert DN

nameopt        = default_ca             # Subject name display option
certopt        = default_ca             # Certificate display option
copy_extensions = none                  # Don't copy extensions from request



[ Root3-OCSP ]

dir            = Root3-OCSP
database       = $dir\\index.txt         # index file.
new_certs_dir  = $dir\\certs             # new certs dir

certificate    = $dir\\certs\\ca.pem        # The CA cert
serial         = $dir\\serial            # serial no file
private_key    = $dir\\private\\ca.key.pem # CA private key
RANDFILE       = $dir\\private\\.rand     # random number file

default_days   = 365                    # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md     = md5                    # md to use

policy         = ca_policy              # our policy
email_in_dn    = no                     # Don't add the email into cert DN

nameopt        = default_ca             # Subject name display option
certopt        = default_ca             # Certificate display option
copy_extensions = none                  # Don't copy extensions from request


[ OCSPSigningRoot ]

dir            = OCSPSigningRoot
database       = $dir\\index.txt         # index file.
new_certs_dir  = $dir\\certs             # new certs dir

certificate    = $dir\\certs\\ca.pem        # The CA cert
serial         = $dir\\serial            # serial no file
private_key    = $dir\\private\\ca.key.pem # CA private key
RANDFILE       = $dir\\private\\.rand     # random number file
				 
default_days   = 365                    # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md     = sha1                    # md to use

policy         = ca_policy              # our policy
email_in_dn    = no                     # Don't add the email into cert DN

nameopt        = default_ca             # Subject name display option
certopt        = default_ca             # Certificate display option
copy_extensions = none                  # Don't copy extensions from request


[ Root5_Root_Ext ]
keyUsage=critical,keyCertSign
basicConstraints=critical,CA:TRUE, pathlen:5
subjectKeyIdentifier=hash

[ Root5_Ext ]
extendedKeyUsage=codeSigning
certificatePolicies=1.2.826.0.1.1796587.1

[ Root5_Mid ]
keyUsage=critical,keyCertSign
basicConstraints=critical,CA:TRUE, pathlen:5
subjectKeyIdentifier=hash

[ Root5_Mid_EE ]
extendedKeyUsage=codeSigning
certificatePolicies=1.2.826.0.1.1796587.1
basicConstraints=critical,CA:FALSE


[ NoOCSP_Ext ]
1.3.6.1.5.5.7.48.1.5=DER:0500


[ req ]
distinguished_name      = root_ca_distinguished_name

[ ca_policy ]

organizationName       = supplied
commonName             = supplied
 

[ root_ca_distinguished_name ]
	commonName              = Symbian Software Ltd
	stateOrProvinceName     = London
	countryName             = UK
	emailAddress            = Jeremy.Smithers@Symbian.com
	organizationName        = Symbian Software Ltd
MCL/sf/os/security