1 # X.509 Certificate options
5 # The organization of the subject.
6 organization = "ARPA2 Laboratories"
8 # The organizational unit of the subject.
11 # The locality of the subject.
14 # The state of the certificate owner.
17 # The country of the subject. Two letter code.
20 # The common name of the certificate owner.
21 cn = "TLS Pool Test X.509 Playground Server"
23 # A user id of the certificate owner.
26 # Set domain components
30 # If the supported DN OIDs are not adequate you can set
32 # For example set the X.520 Title and the X.520 Pseudonym
33 # by using OID and string pairs.
34 #dn_oid = 2.5.4.12 Dr.
35 #dn_oid = 2.5.4.65 jackal
37 # This is deprecated and should not be used in new
39 # pkcs9_email = "none@@none.org"
41 # An alternative way to set the certificate's distinguished name directly
42 # is with the "dn" option. The attribute names allowed are:
43 # C (country), street, O (organization), OU (unit), title, CN (common name),
44 # L (locality), ST (state), placeOfBirth, gender, countryOfCitizenship,
45 # countryOfResidence, serialNumber, telephoneNumber, surName, initials,
46 # generationQualifier, givenName, pseudonym, dnQualifier, postalCode, name,
47 # businessCategory, DC, UID, jurisdictionOfIncorporationLocalityName,
48 # jurisdictionOfIncorporationStateOrProvinceName,
49 # jurisdictionOfIncorporationCountryName, XmppAddr, and numeric OIDs.
51 #dn = "cn = Nikos,st = New\, Something,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias"
53 # The serial number of the certificate
54 # Comment the field for a time-based serial number.
57 # In how many days, counting from today, this certificate will expire.
58 # Use -1 if there is no expiration date.
61 # Alternatively you may set concrete dates and time. The GNU date string
62 # formats are accepted. See:
63 # http://www.gnu.org/software/tar/manual/html_node/Date-input-formats.html
65 #activation_date = "2004-02-29 16:21:42"
66 #expiration_date = "2025-02-29 16:24:41"
70 # A dnsname in case of a WWW server.
71 #dns_name = "www.none.org"
72 #dns_name = "www.morethanone.org"
73 dns_name = "playground.arpa2.lab"
74 dns_name = "localhost"
76 # A subject alternative name URI
77 #uri = "http://www.example.com"
79 # An IP address in case of a server.
80 #ip_address = "192.168.1.1"
82 # An email in case of a person
83 # email = "testsrv@tlspool.arpa2.lab"
85 # Challenge password used in certificate requests
86 # challenge_password = 123456
88 # Password when encrypting a private key
91 # An URL that has CRLs (certificate revocation lists)
92 # available. Needed in CA certificates.
93 #crl_dist_points = "http://www.getcrl.crl/getcrl/"
95 # Whether this is a CA certificate or not
98 # Whether this certificate will be used to sign data (needed
99 # in TLS DHE ciphersuites). This is the digitalSignature flag
100 # in RFC5280 terminology.
103 # Whether this certificate will be used to encrypt data (needed
104 # in TLS RSA ciphersuites). Note that it is preferred to use different
105 # keys for encryption and signing. This is the keyEncipherment flag
106 # in RFC5280 terminology.
110 # for microsoft smart card logon
111 # key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
113 ### Other predefined key purpose OIDs
115 # Whether this certificate will be used for a TLS client
118 # Whether this certificate will be used for a TLS server
121 # Whether this key will be used to sign other certificates.
124 # Whether this key will be used to sign CRLs.
127 # Whether this key will be used to sign code.
130 # Whether this key will be used to sign OCSP data.
133 # Whether this key will be used for time stamping.
136 # Whether this key will be used for IPsec IKE operations.
139 ### end of key purpose OIDs
141 # When generating a certificate from a certificate
142 # request, then honor the extensions stored in the request
143 # and store them in the real certificate.
144 #honor_crq_extensions
146 # Path length contraint. Sets the maximum number of
147 # certificates that can be used to certify this certificate.
148 # (i.e. the certificate chain length)
153 # ocsp_uri = http://my.ocsp.server/ocsp
156 # ca_issuers_uri = http://my.ca.issuer
158 # Certificate policies
159 #policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
160 #policy1_txt = "This is a long policy to summarize"
161 #policy1_url = http://www.example.com/a-policy-to-read
163 #policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1
164 #policy2_txt = "This is a short policy"
165 #policy2_url = http://www.example.com/another-policy-to-read
170 #nc_permit_dns = example.com
171 #nc_exclude_dns = test.example.com
174 #nc_permit_email = "nmav@@ex.net"
176 # Exclude subdomains of example.com
177 #nc_exclude_email = .example.com
179 # Exclude all e-mail addresses of example.com
180 #nc_exclude_email = example.com
183 # Options for proxy certificates
184 #proxy_policy_language = 1.3.6.1.5.5.7.21.1
187 # Options for generating a CRL
189 # The number of days the next CRL update will be due.
190 # next CRL update will be in 43 days
191 #crl_next_update = 43
193 # this is the 5th CRL by this CA
194 # Comment the field for a time-based number.