SSLConfig

CAcert_Root_2014.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.O=CAcert.org - Community Certification Authority 
1.OU=CAcert
2.CN=CAcert Root

[ xca_extensions ]
nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl
nsRevocationUrl=http://crl.cacert.org/v2014/root.crl
nsCertType=sslCA, emailCA, objCA
crlDistributionPoints=crlDistributionPoint0_sect
keyUsage=critical,keyCertSign, cRLSign
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[crlDistributionPoint0_sect]
fullname=URI:http://crl.cacert.org/v2014/root.crl

CAcert_Personal.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.O=CAcert.org - Community Certification Authority 
1.OU=CAcert Personal Certification CA
2.CN=CAcert Root

[ xca_extensions ]
nsCaPolicyUrl=http://www.cacert.org/cp
nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl
nsRevocationUrl=http://crl.cacert.org/v2014/personal.crl
nsCertType=sslCA, emailCA, objCA
crlDistributionPoints=crlDistributionPoint0_sect
keyUsage=critical,keyCertSign, cRLSign
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[crlDistributionPoint0_sect]
fullname=URI:http://crl.cacert.org/v2014/personal.crl

CAcert_Innovation.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.O=CAcert.org - Community Certification Authority 
1.OU=CAcert Innovation Certification CA
2.CN=CAcert Root

[ xca_extensions ]
nsCaPolicyUrl=http://www.cacert.org/cp/innovation
nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl
nsRevocationUrl=http://crl.cacert.org/v2014/innovation.crl
nsCertType=objCA
crlDistributionPoints=crlDistributionPoint0_sect
keyUsage=critical,keyCertSign, cRLSign
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[crlDistributionPoint0_sect]
fullname=URI:http://crl.cacert.org/v2014/innovation.crl

CAcert_Time.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.O=CAcert.org - Community Certification Authority 
1.OU=CAcert Timestamping Certification CA
2.CN=CAcert Root

[ xca_extensions ]
nsCaPolicyUrl=http://www.cacert.org/cp/time
nsCaRevocationUrl=http://crl.cacert.org/v2014/innovation.crl
nsRevocationUrl=http://crl.cacert.org/v2014/time.crl
nsCertType=objCA
crlDistributionPoints=crlDistributionPoint0_sect
keyUsage=critical,keyCertSign, cRLSign
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[crlDistributionPoint0_sect]
fullname=URI:http://crl.cacert.org/v2014/time.crl

CAcert_Object.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.O=CAcert.org - Community Certification Authority 
1.OU=CAcert Object Certification CA
2.CN=CAcert Root

[ xca_extensions ]
nsCaPolicyUrl=http://www.cacert.org/cp/object
nsCaRevocationUrl=http://crl.cacert.org/v2014/innovation.crl
nsRevocationUrl=http://crl.cacert.org/v2014/object.crl
nsCertType=objCA
crlDistributionPoints=crlDistributionPoint0_sect
keyUsage=critical,keyCertSign, cRLSign
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[crlDistributionPoint0_sect]
fullname=URI:http://crl.cacert.org/v2014/object.crl

CAcert_Entity.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.O=CAcert.org - Community Certification Authority 
1.OU=CAcert Entity Certification CA
2.CN=CAcert Root

[ xca_extensions ]
nsCaPolicyUrl=http://www.cacert.org/cp/entity
nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl
nsRevocationUrl=http://crl.cacert.org/v2014/entity.crl
nsCertType=sslCA, emailCA, objCA
crlDistributionPoints=crlDistributionPoint0_sect
keyUsage=critical,keyCertSign, cRLSign
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[crlDistributionPoint0_sect]
fullname=URI:http://crl.cacert.org/v2014/entity.crl

CAcert_Basic.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.O=CAcert.org - Community Certification Authority 
1.OU=CAcert Baseline Certification CA
2.CN=CAcert Root

[ xca_extensions ]
nsCaPolicyUrl=http://www.cacert.org/cp/basic
nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl
nsRevocationUrl=http://crl.cacert.org/v2014/basic.crl
nsCertType=sslCA, emailCA, objCA
crlDistributionPoints=crlDistributionPoint0_sect
keyUsage=critical,keyCertSign, cRLSign
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[crlDistributionPoint0_sect]
fullname=URI:http://crl.cacert.org/v2014/basic.crl


CategoryNRE

Roots/OpenSSLConfig (last edited 2014-01-29 20:43:35 by MartinGummi)