2 batch = 1 # do not use stdin
3 total_timeout = 8 # prevent, e.g., infinite polling due to error
9 #certout = test.cert.pem
10 policies = certificatePolicies
11 #policy_oids = 1.2.3.4
12 #policy_oids_critical = 1
15 ############################# server configurations
17 [Mock] # the built-in OpenSSL CMP mock server
19 server_host = 127.0.0.1 # localhost
22 server_cert = server.crt
23 server = $server_host:$server_port
26 ca_dn = /O=openssl_cmp
28 server_dn = /O=openssl_cmp
29 expect_sender = $server_dn
30 subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
32 out_trusted = signer_root.crt
36 pbm_secret = pass:test
44 ############################# aspects
49 # reset any TLS options to default:
74 unprotected_requests =
110 ############################# extra cert template contents
112 [certificatePolicies]
113 certificatePolicies = "critical, @pkiPolicy"
116 policyIdentifier = 1.2.3.4
119 basicConstraints = CA:FALSE
120 #basicConstraints = critical, CA:TRUE
121 keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation
122 extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning
123 #crlDistributionPoints = URI:http:
124 #authorityInfoAccess = URI:http:
125 subjectAltName = @alt_names
131 URI.0 = http://192.168.0.2
134 subjectAltName = @alt_names_3
140 DNS__3 = example3.com