1 # X.509 Certificate options
5 # The organization of the subject.
6 organization = "ARPA2 Laboratories"
8 # The organizational unit of the subject.
11 # The locality of the subject.
14 # The state of the certificate owner.
17 # The country of the subject. Two letter code.
20 # The common name of the certificate owner.
21 cn = "TLS Pool Test CA"
23 # A user id of the certificate owner.
26 # Set domain components
30 # If the supported DN OIDs are not adequate you can set
32 # For example set the X.520 Title and the X.520 Pseudonym
33 # by using OID and string pairs.
34 #dn_oid = 2.5.4.12 Dr.
35 #dn_oid = 2.5.4.65 jackal
37 # This is deprecated and should not be used in new
39 # pkcs9_email = "none@@none.org"
41 # An alternative way to set the certificate's distinguished name directly
42 # is with the "dn" option. The attribute names allowed are:
43 # C (country), street, O (organization), OU (unit), title, CN (common name),
44 # L (locality), ST (state), placeOfBirth, gender, countryOfCitizenship,
45 # countryOfResidence, serialNumber, telephoneNumber, surName, initials,
46 # generationQualifier, givenName, pseudonym, dnQualifier, postalCode, name,
47 # businessCategory, DC, UID, jurisdictionOfIncorporationLocalityName,
48 # jurisdictionOfIncorporationStateOrProvinceName,
49 # jurisdictionOfIncorporationCountryName, XmppAddr, and numeric OIDs.
51 #dn = "cn = Nikos,st = New\, Something,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias"
53 # The serial number of the certificate
54 # Comment the field for a time-based serial number.
57 # In how many days, counting from today, this certificate will expire.
58 # Use -1 if there is no expiration date.
61 # Alternatively you may set concrete dates and time. The GNU date string
62 # formats are accepted. See:
63 # http://www.gnu.org/software/tar/manual/html_node/Date-input-formats.html
65 #activation_date = "2004-02-29 16:21:42"
66 #expiration_date = "2025-02-29 16:24:41"
70 # A dnsname in case of a WWW server.
71 #dns_name = "www.none.org"
72 #dns_name = "www.morethanone.org"
74 # A subject alternative name URI
75 #uri = "http://www.example.com"
77 # An IP address in case of a server.
78 #ip_address = "192.168.1.1"
80 # An email in case of a person
81 email = "testca@@tlspool.arpa2.lab"
83 # Challenge password used in certificate requests
84 # challenge_password = 123456
86 # Password when encrypting a private key
89 # An URL that has CRLs (certificate revocation lists)
90 # available. Needed in CA certificates.
91 #crl_dist_points = "http://www.getcrl.crl/getcrl/"
93 # Whether this is a CA certificate or not
96 # for microsoft smart card logon
97 # key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
99 # Whether this certificate will be used to sign data (needed
100 # in TLS DHE ciphersuites). This is the digitalSignature flag
101 # in RFC5280 terminology.
104 # Whether this certificate will be used to encrypt data (needed
105 # in TLS RSA ciphersuites). Note that it is preferred to use different
106 # keys for encryption and signing. This is the keyEncipherment flag
107 # in RFC5280 terminology.
111 ### Other predefined key purpose OIDs
113 # Whether this certificate will be used for a TLS client
116 # Whether this certificate will be used for a TLS server
119 # Whether this certificate will be used to sign data (needed
120 # in TLS DHE ciphersuites).
123 # Whether this certificate will be used to encrypt data (needed
124 # in TLS RSA ciphersuites). Note that it is preferred to use different
125 # keys for encryption and signing.
128 # Whether this key will be used to sign other certificates.
131 # Whether this key will be used to sign CRLs.
134 # Whether this key will be used to sign code.
137 # Whether this key will be used to sign OCSP data.
140 # Whether this key will be used for time stamping.
143 # Whether this key will be used for IPsec IKE operations.
146 ### end of key purpose OIDs
148 # When generating a certificate from a certificate
149 # request, then honor the extensions stored in the request
150 # and store them in the real certificate.
151 #honor_crq_extensions
153 # Path length contraint. Sets the maximum number of
154 # certificates that can be used to certify this certificate.
155 # (i.e. the certificate chain length)
160 # ocsp_uri = http://my.ocsp.server/ocsp
163 # ca_issuers_uri = http://my.ca.issuer
165 # Certificate policies
166 #policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
167 #policy1_txt = "This is a long policy to summarize"
168 #policy1_url = http://www.example.com/a-policy-to-read
170 #policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1
171 #policy2_txt = "This is a short policy"
172 #policy2_url = http://www.example.com/another-policy-to-read
177 #nc_permit_dns = example.com
178 #nc_exclude_dns = test.example.com
181 #nc_permit_email = "nmav@@ex.net"
183 # Exclude subdomains of example.com
184 #nc_exclude_email = .example.com
186 # Exclude all e-mail addresses of example.com
187 #nc_exclude_email = example.com
190 # Options for proxy certificates
191 #proxy_policy_language = 1.3.6.1.5.5.7.21.1
194 # Options for generating a CRL
196 # The number of days the next CRL update will be due.
197 # next CRL update will be in 43 days
198 #crl_next_update = 43
200 # this is the 5th CRL by this CA
201 # Comment the field for a time-based number.