test/recipes/81-test_cmp_cli_data/Mock/test.cnf

   1 [default]
   2 batch = 1 # do not use stdin
   3 total_timeout = 8 # prevent, e.g., infinite polling due to error
   4 trusted = trusted.crt
   5 newkey = new.key
   6 newkeypass =
   7 cmd = ir
   8 out_trusted = root.crt
   9 #certout = test.cert.pem
  10 policies = certificatePolicies
  11 #policy_oids = 1.2.3.4
  12 #policy_oids_critical = 1
  13 #verbosity = 7
  14
  15 ############################# server configurations
  16
  17 [Mock] # the built-in OpenSSL CMP mock server
  18 no_check_time = 1
  19 server_host = 127.0.0.1 # localhost
  20 server_port = 1700
  21 server_tls = 0
  22 server_cert = server.crt
  23 server = $server_host:$server_port
  24 server_path = pkix/
  25 path = $server_path
  26 ca_dn = /O=openssl_cmp
  27 recipient = $ca_dn
  28 server_dn = /O=openssl_cmp
  29 expect_sender = $server_dn
  30 subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
  31 newkey = signer.key
  32 out_trusted = signer_root.crt
  33 kur_port = 1700
  34 pbm_port = 1700
  35 pbm_ref =
  36 pbm_secret = pass:test
  37 cert = signer.crt
  38 key  = signer.p12
  39 keypass = pass:12345
  40 ignore_keyusage = 0
  41 column = 0
  42 sleep = 0
  43
  44 ############################# aspects
  45
  46 [connection]
  47 msg_timeout = 5
  48 total_timeout =
  49 # reset any TLS options to default:
  50 tls_used =
  51 tls_cert =
  52 tls_key =
  53 tls_keypass =
  54 tls_trusted =
  55 tls_host =
  56
  57 [tls]
  58 server =
  59 tls_used =
  60 tls_cert =
  61 tls_key =
  62 tls_keypass =
  63 tls_trusted =
  64 tls_host =
  65
  66 [credentials]
  67 ref =
  68 secret =
  69 cert =
  70 key =
  71 keypass =
  72 extracerts =
  73 digest =
  74 unprotected_requests =
  75
  76 [verification]
  77 #expect_sender =
  78 srvcert =
  79 trusted =
  80 untrusted =
  81 #unprotected_errors =
  82 extracertsout =
  83
  84 [commands]
  85 cmd =
  86 cacertsout =
  87 infotype =
  88 oldcert =
  89 revreason =
  90 geninfo =
  91
  92 [enrollment]
  93 cmd =
  94 newkey =
  95 newkeypass =
  96 #subject =
  97 issuer =
  98 days =
  99 reqexts =
 100 sans =
 101 san_nodefault = 0
 102 #popo =
 103 implicit_confirm = 0
 104 disable_confirm = 0
 105 certout =
 106 out_trusted =
 107 oldcert =
 108 csr =
 109
 110 ############################# extra cert template contents
 111
 112 [certificatePolicies]
 113 certificatePolicies = "critical, @pkiPolicy"
 114
 115 [pkiPolicy]
 116 policyIdentifier = 1.2.3.4
 117
 118 [reqexts]
 119 basicConstraints = CA:FALSE
 120 #basicConstraints = critical, CA:TRUE
 121 keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation
 122 extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning
 123 #crlDistributionPoints = URI:http:
 124 #authorityInfoAccess = URI:http:
 125 subjectAltName = @alt_names
 126
 127 [alt_names]
 128 DNS.0 = localhost
 129 IP.0 = 127.0.0.1
 130 IP.1 = 192.168.1.1
 131 URI.0 = http://192.168.0.2
 132
 133 [reqexts_invalidkey]
 134 subjectAltName = @alt_names_3
 135
 136 [alt_names_3]
 137 DNS.0 = localhost
 138 DNS.1 = example.com
 139 DNS.2 = example2.com
 140 DNS__3 = example3.com