3 # This config is used by the Time Stamp Authority tests.
8 # Extra OBJECT IDENTIFIER info:
16 # Policies used by the TSA tests.
17 tsa_policy1 = 1.2.3.4.1
18 tsa_policy2 = 1.2.3.4.5.6
19 tsa_policy3 = 1.2.3.4.5.7
21 #----------------------------------------------------------------------
23 default_ca = CA_default # The default ca section
28 certs = $dir/certs # Where the issued certs are kept
29 database = $dir/index.txt # database index file.
30 new_certs_dir = $dir/newcerts # default place for new certs.
32 certificate = $dir/cacert.pem # The CA certificate
33 serial = $dir/serial # The current serial number
34 private_key = $dir/private/cakey.pem# The private key
35 RANDFILE = $dir/private/.rand # private random number file
37 default_days = 365 # how long to certify for
38 default_md = sha1 # which md to use.
39 preserve = no # keep passed DN ordering
45 countryName = supplied
46 stateOrProvinceName = supplied
47 organizationName = supplied
48 organizationalUnitName = optional
50 emailAddress = optional
52 #----------------------------------------------------------------------
56 distinguished_name = $ENV::TSDNSECT
59 # attributes = req_attributes
60 x509_extensions = v3_ca # The extentions to add to the self signed cert
66 stateOrProvinceName = Budapest
67 localityName = Budapest
68 organizationName = Gov-CA Ltd.
73 stateOrProvinceName = Budapest
75 organizationName = Hun-TSA Ltd.
76 commonName = tsa$ENV::INDEX
80 # TSA server cert is not a CA cert.
81 basicConstraints=CA:FALSE
83 # The following key usage flags are needed for TSA server certificates.
84 keyUsage = nonRepudiation, digitalSignature
85 extendedKeyUsage = critical,timeStamping
87 # PKIX recommendations harmless if included in all certificates.
88 subjectKeyIdentifier=hash
89 authorityKeyIdentifier=keyid,issuer:always
93 # This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
94 basicConstraints=CA:FALSE
96 # The following key usage flags are needed for TSA server certificates.
97 keyUsage = nonRepudiation, digitalSignature
98 # timeStamping is not supported by this certificate
99 # extendedKeyUsage = critical,timeStamping
101 # PKIX recommendations harmless if included in all certificates.
102 subjectKeyIdentifier=hash
103 authorityKeyIdentifier=keyid,issuer:always
107 # Extensions to add to a certificate request
108 basicConstraints = CA:FALSE
109 keyUsage = nonRepudiation, digitalSignature
113 # Extensions for a typical CA
115 subjectKeyIdentifier=hash
116 authorityKeyIdentifier=keyid:always,issuer:always
117 basicConstraints = critical,CA:true
118 keyUsage = cRLSign, keyCertSign
120 #----------------------------------------------------------------------
123 default_tsa = tsa_config1 # the default TSA section
127 # These are used by the TSA reply generation only.
128 dir = . # TSA root directory
129 serial = $dir/tsa_serial # The current serial number (mandatory)
130 signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
132 certs = $dir/tsaca.pem # Certificate chain to include in reply
134 signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
136 default_policy = tsa_policy1 # Policy if request did not specify it
138 other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
139 digests = md5, sha1 # Acceptable message digests (mandatory)
140 accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
141 ordering = yes # Is ordering defined for timestamps?
142 # (optional, default: no)
143 tsa_name = yes # Must the TSA name be included in the reply?
144 # (optional, default: no)
145 ess_cert_id_chain = yes # Must the ESS cert id chain be included?
146 # (optional, default: no)
150 # This configuration uses a certificate which doesn't have timeStamping usage.
151 # These are used by the TSA reply generation only.
152 dir = . # TSA root directory
153 serial = $dir/tsa_serial # The current serial number (mandatory)
154 signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
156 certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
158 signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
160 default_policy = tsa_policy1 # Policy if request did not specify it
162 other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
163 digests = md5, sha1 # Acceptable message digests (mandatory)