diff options
Diffstat (limited to 'scripts/testroot.cnf')
| -rw-r--r-- | scripts/testroot.cnf | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/scripts/testroot.cnf b/scripts/testroot.cnf new file mode 100644 index 00000000..238bd8ab --- /dev/null +++ b/scripts/testroot.cnf @@ -0,0 +1,81 @@ +# $Id$ +# +# Generate test root resource certificate for use with testroot.py server. + +[ ca ] +default_ca = ca_default + +[ ca_default ] +certificate = testroot.cer +serial = testroot.serial +private_key = testroot.key +database = testroot.index +new_certs_dir = /tmp +name_opt = ca_default +cert_opt = ca_default +default_days = 365 +default_crl_days = 30 +default_md = sha256 +preserve = no +copy_extensions = copy +policy = ca_policy_anything +unique_subject = no +x509_extensions = ca_x509_ext +crl_extensions = crl_x509_ext + +[ ca_policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional +givenName = optional +surname = optional + +[ req ] +default_bits = 2048 +encrypt_key = no +distinguished_name = req_dn +req_extensions = req_x509_ext +prompt = no + +[ req_dn ] +CN = testroot + +[ req_x509_ext ] +basicConstraints = critical,CA:true +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombat.invalid/ +sbgp-autonomousSysNum = critical,@asid_ext +sbgp-ipAddrBlock = critical,@addr_ext + +[ ca_x509_ext ] +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign +subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombat.invalid/ +sbgp-autonomousSysNum = critical,@asid_ext +sbgp-ipAddrBlock = critical,@addr_ext + +[ crl_x509_ext ] +authorityKeyIdentifier = keyid:always + +[ asid_ext ] + +AS.0 = 64533 +AS.1 = 64534-64540 +AS.2 = 64544 + +[ addr_ext ] + +IPv4.0 = 10.0.0.0/24 +IPv4.1 = 10.3.0.0/24 +IPv4.2 = 192.0.2.1-192.0.2.33 +IPv4.3 = 192.0.2.44-192.0.2.100 + +IPv6.0 = 2001:db8::44-2001:db8::100 +IPv6.1 = 2001:db8::a00:0/120 +IPv6.2 = 2001:db8::a03:0/120 +IPv6.3 = 2001:db8::10:0:44/128 |