diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-09-09 20:43:49 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-09-09 20:43:49 +0000 |
| commit | 79b184fb4b65d501352a189ff102b509e14e62ca (patch) | |
| tree | 4f110bea0a58cc24eb2aafab06d3278fb0d87e41 /demos/certs/ca.cnf | |
| parent | 648f551a4aa1da792620cdbbddb791dba28fb297 (diff) | |
| download | openssl-new-79b184fb4b65d501352a189ff102b509e14e62ca.tar.gz | |
Extend certificate creation examples to include CRL generation and sample
scripts running the test OCSP responder.
Diffstat (limited to 'demos/certs/ca.cnf')
| -rw-r--r-- | demos/certs/ca.cnf | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf index a1b6bd799e..c45fcfd61e 100644 --- a/demos/certs/ca.cnf +++ b/demos/certs/ca.cnf @@ -7,6 +7,7 @@ HOME = . RANDFILE = $ENV::HOME/.rnd CN = "Not Defined" +default_ca = ca #################################################################### [ req ] @@ -41,6 +42,19 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid +# OCSP responder certificate +[ ocsp_cert ] + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +extendedKeyUsage=OCSPSigning [ dh_cert ] @@ -66,4 +80,7 @@ authorityKeyIdentifier=keyid:always basicConstraints = critical,CA:true keyUsage = critical, cRLSign, keyCertSign - +# Minimal CA entry to allow generation of CRLs. +[ca] +database=index.txt +crlnumber=crlnum.txt |