Blame - hs20/server/ca/openssl.cnf - android_external_wpa_supplicant_8

blob: 61410138340ff7fe0e74e2c8d5281bc13fce84ca [file] [log] [blame]

Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	1	# OpenSSL configuration file for Hotspot 2.0 PKI (Intermediate CA)
				2
				3	HOME = .
				4	RANDFILE = $ENV::HOME/.rnd
				5	oid_section = new_oids
				6
				7	[ new_oids ]
				8
				9	#logotypeoid=1.3.6.1.5.5.7.1.12
				10
				11	####################################################################
				12	[ ca ]
				13	default_ca = CA_default # The default ca section
				14
				15	####################################################################
				16	[ CA_default ]
				17
				18	dir = ./demoCA # Where everything is kept
				19	certs = $dir/certs # Where the issued certs are kept
				20	crl_dir = $dir/crl # Where the issued crl are kept
				21	database = $dir/index.txt # database index file.
				22	#unique_subject = no # Set to 'no' to allow creation of
				23	# several certificates with same subject
				24	new_certs_dir = $dir/newcerts # default place for new certs.
				25
				26	certificate = $dir/cacert.pem # The CA certificate
				27	serial = $dir/serial # The current serial number
				28	crlnumber = $dir/crlnumber # the current crl number
				29	# must be commented out to leave a V1 CRL
				30	crl = $dir/crl.pem # The current CRL
				31	private_key = $dir/private/cakey.pem# The private key
				32	RANDFILE = $dir/private/.rand # private random number file
				33
				34	x509_extensions = ext_client # The extentions to add to the cert
				35
				36	name_opt = ca_default # Subject Name options
				37	cert_opt = ca_default # Certificate field options
				38
				39	# Extension copying option: use with caution.
				40	copy_extensions = copy
				41
				42	default_days = 365 # how long to certify for
				43	default_crl_days= 30 # how long before next CRL
				44	default_md = default # use public key default MD
				45	preserve = no # keep passed DN ordering
				46
				47	policy = policy_match
				48
				49	# For the CA policy
				50	[ policy_match ]
				51	countryName = supplied
				52	stateOrProvinceName = optional
				53	organizationName = supplied
				54	organizationalUnitName = optional
				55	commonName = supplied
				56	emailAddress = optional
				57
				58	[ policy_osu_server ]
				59	countryName = match
				60	stateOrProvinceName = optional
				61	organizationName = match
				62	organizationalUnitName = supplied
				63	commonName = supplied
				64	emailAddress = optional
				65
				66	[ policy_anything ]
				67	countryName = optional
				68	stateOrProvinceName = optional
				69	localityName = optional
				70	organizationName = optional
				71	organizationalUnitName = optional
				72	commonName = supplied
				73	emailAddress = optional
				74
				75	####################################################################
				76	[ req ]
				77	default_bits = 2048
				78	default_keyfile = privkey.pem
				79	distinguished_name = req_distinguished_name
				80	attributes = req_attributes
				81	x509_extensions = v3_ca # The extentions to add to the self signed cert
				82
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	83	input_password = @PASSWORD@
				84	output_password = @PASSWORD@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	85
				86	string_mask = utf8only
				87
				88	[ req_distinguished_name ]
				89	countryName = Country Name (2 letter code)
				90	countryName_default = FI
				91	countryName_min = 2
				92	countryName_max = 2
				93
				94	localityName = Locality Name (eg, city)
				95	localityName_default = Tuusula
				96
				97	0.organizationName = Organization Name (eg, company)
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	98	0.organizationName_default = @DOMAIN@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	99
				100	##organizationalUnitName = Organizational Unit Name (eg, section)
				101	#organizationalUnitName_default =
				102	#@OU@
				103
				104	commonName = Common Name (e.g. server FQDN or YOUR name)
				105	#@CN@
				106	commonName_max = 64
				107
				108	emailAddress = Email Address
				109	emailAddress_max = 64
				110
				111	[ req_attributes ]
				112
				113	[ v3_ca ]
				114
				115	# Hotspot 2.0 PKI requirements
				116	subjectKeyIdentifier=hash
				117	authorityKeyIdentifier=keyid:always,issuer
				118	basicConstraints = critical, CA:true, pathlen:0
				119	keyUsage = critical, cRLSign, keyCertSign
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	120	authorityInfoAccess = OCSP;URI:@OCSP_URI@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	121	# For SP intermediate CA
				122	#subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample OSU
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	123	#nameConstraints=permitted;DNS:.@DOMAIN@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	124	#1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
				125
				126	[ v3_osu_server ]
				127
				128	basicConstraints = critical, CA:true, pathlen:0
				129	keyUsage = critical, keyEncipherment
				130	#@ALTNAME@
				131
				132	#logotypeoid=ASN1:SEQUENCE:LogotypeExtn
				133	1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
				134	[LogotypeExtn]
				135	communityLogos=EXP:0,SEQUENCE:LogotypeInfo
				136	[LogotypeInfo]
				137	# note: implicit tag converted to explicit for CHOICE
				138	direct=EXP:0,SEQUENCE:LogotypeData
				139	[LogotypeData]
				140	image=SEQUENCE:LogotypeImage
				141	[LogotypeImage]
				142	imageDetails=SEQUENCE:LogotypeDetails
				143	imageInfo=SEQUENCE:LogotypeImageInfo
				144	[LogotypeDetails]
				145	mediaType=IA5STRING:image/png
				146	logotypeHash=SEQUENCE:HashAlgAndValues
				147	logotypeURI=SEQUENCE:URI
				148	[HashAlgAndValues]
				149	value1=SEQUENCE:HashAlgAndValueSHA256
				150	#value2=SEQUENCE:HashAlgAndValueSHA1
				151	[HashAlgAndValueSHA256]
				152	hashAlg=SEQUENCE:sha256_alg
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	153	hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH256@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	154	[HashAlgAndValueSHA1]
				155	hashAlg=SEQUENCE:sha1_alg
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	156	hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH1@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	157	[sha256_alg]
				158	algorithm=OID:sha256
				159	[sha1_alg]
				160	algorithm=OID:sha1
				161	[URI]
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	162	uri=IA5STRING:@LOGO_URI@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	163	[LogotypeImageInfo]
				164	# default value color(1), component optional
				165	#type=IMP:0,INTEGER:1
				166	fileSize=INTEGER:7549
				167	xSize=INTEGER:128
				168	ySize=INTEGER:80
				169	language=IMP:4,IA5STRING:zxx
				170
				171	[ crl_ext ]
				172
				173	# issuerAltName=issuer:copy
				174	authorityKeyIdentifier=keyid:always
				175
				176	[ v3_OCSP ]
				177
				178	basicConstraints = CA:FALSE
				179	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
				180	extendedKeyUsage = OCSPSigning
				181
				182	[ ext_client ]
				183
				184	basicConstraints=CA:FALSE
				185	subjectKeyIdentifier=hash
				186	authorityKeyIdentifier=keyid,issuer
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	187	authorityInfoAccess = OCSP;URI:@OCSP_URI@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	188	#@ALTNAME@
				189	extendedKeyUsage = clientAuth
				190
				191	[ ext_server ]
				192
				193	# Hotspot 2.0 PKI requirements
				194	basicConstraints=critical, CA:FALSE
				195	subjectKeyIdentifier=hash
				196	authorityKeyIdentifier=keyid,issuer
Dmitry Shmidt	af9da31	2015-04-03 10:03:11 -0700	[diff] [blame^]	197	authorityInfoAccess = OCSP;URI:@OCSP_URI@
Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	198	#@ALTNAME@
				199	extendedKeyUsage = critical, serverAuth
				200	keyUsage = critical, keyEncipherment