= SSLConfig = <> == CAcert_Root_2014.conf == {{{ oid_section = xca_oids [ xca_oids ] dom = 1.3.6.1.4.1.311.20.2 MsCaV = 1.3.6.1.4.1.311.21.1 msEFSFR = 1.3.6.1.4.1.311.10.3.4.1 iKEIntermediate = 1.3.6.1.5.5.8.2.2 nameDistinguisher = 0.2.262.1.10.7.20 id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13 id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14 [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = xca_dn x509_extensions = xca_extensions req_extensions = xca_extensions string_mask = MASK:0x2002 utf8 = yes prompt = no [ xca_dn ] 0.O=CAcert.org - Community Certification Authority 1.OU=CAcert 2.CN=CAcert Root [ xca_extensions ] nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl nsRevocationUrl=http://crl.cacert.org/v2014/root.crl nsCertType=sslCA, emailCA, objCA crlDistributionPoints=crlDistributionPoint0_sect keyUsage=critical,keyCertSign, cRLSign authorityKeyIdentifier=keyid, issuer subjectKeyIdentifier=hash basicConstraints=critical,CA:TRUE [crlDistributionPoint0_sect] fullname=URI:http://crl.cacert.org/v2014/root.crl }}} === CAcert_Personal.conf === {{{ oid_section = xca_oids [ xca_oids ] dom = 1.3.6.1.4.1.311.20.2 MsCaV = 1.3.6.1.4.1.311.21.1 msEFSFR = 1.3.6.1.4.1.311.10.3.4.1 iKEIntermediate = 1.3.6.1.5.5.8.2.2 nameDistinguisher = 0.2.262.1.10.7.20 id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13 id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14 [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = xca_dn x509_extensions = xca_extensions req_extensions = xca_extensions string_mask = MASK:0x2002 utf8 = yes prompt = no [ xca_dn ] 0.O=CAcert.org - Community Certification Authority 1.OU=CAcert Personal Certification CA 2.CN=CAcert Root [ xca_extensions ] nsCaPolicyUrl=http://www.cacert.org/cp nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl nsRevocationUrl=http://crl.cacert.org/v2014/personal.crl nsCertType=sslCA, emailCA, objCA crlDistributionPoints=crlDistributionPoint0_sect keyUsage=critical,keyCertSign, cRLSign authorityKeyIdentifier=keyid, issuer subjectKeyIdentifier=hash basicConstraints=critical,CA:TRUE [crlDistributionPoint0_sect] fullname=URI:http://crl.cacert.org/v2014/personal.crl }}} === CAcert_Innovation.conf === {{{ oid_section = xca_oids [ xca_oids ] dom = 1.3.6.1.4.1.311.20.2 MsCaV = 1.3.6.1.4.1.311.21.1 msEFSFR = 1.3.6.1.4.1.311.10.3.4.1 iKEIntermediate = 1.3.6.1.5.5.8.2.2 nameDistinguisher = 0.2.262.1.10.7.20 id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13 id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14 [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = xca_dn x509_extensions = xca_extensions req_extensions = xca_extensions string_mask = MASK:0x2002 utf8 = yes prompt = no [ xca_dn ] 0.O=CAcert.org - Community Certification Authority 1.OU=CAcert Innovation Certification CA 2.CN=CAcert Root [ xca_extensions ] nsCaPolicyUrl=http://www.cacert.org/cp/innovation nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl nsRevocationUrl=http://crl.cacert.org/v2014/innovation.crl nsCertType=objCA crlDistributionPoints=crlDistributionPoint0_sect keyUsage=critical,keyCertSign, cRLSign authorityKeyIdentifier=keyid, issuer subjectKeyIdentifier=hash basicConstraints=critical,CA:TRUE [crlDistributionPoint0_sect] fullname=URI:http://crl.cacert.org/v2014/innovation.crl }}} ==== CAcert_Time.conf ==== {{{ oid_section = xca_oids [ xca_oids ] dom = 1.3.6.1.4.1.311.20.2 MsCaV = 1.3.6.1.4.1.311.21.1 msEFSFR = 1.3.6.1.4.1.311.10.3.4.1 iKEIntermediate = 1.3.6.1.5.5.8.2.2 nameDistinguisher = 0.2.262.1.10.7.20 id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13 id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14 [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = xca_dn x509_extensions = xca_extensions req_extensions = xca_extensions string_mask = MASK:0x2002 utf8 = yes prompt = no [ xca_dn ] 0.O=CAcert.org - Community Certification Authority 1.OU=CAcert Timestamping Certification CA 2.CN=CAcert Root [ xca_extensions ] nsCaPolicyUrl=http://www.cacert.org/cp/time nsCaRevocationUrl=http://crl.cacert.org/v2014/innovation.crl nsRevocationUrl=http://crl.cacert.org/v2014/time.crl nsCertType=objCA crlDistributionPoints=crlDistributionPoint0_sect keyUsage=critical,keyCertSign, cRLSign authorityKeyIdentifier=keyid, issuer subjectKeyIdentifier=hash basicConstraints=critical,CA:TRUE [crlDistributionPoint0_sect] fullname=URI:http://crl.cacert.org/v2014/time.crl }}} ==== CAcert_Object.conf ==== {{{ oid_section = xca_oids [ xca_oids ] dom = 1.3.6.1.4.1.311.20.2 MsCaV = 1.3.6.1.4.1.311.21.1 msEFSFR = 1.3.6.1.4.1.311.10.3.4.1 iKEIntermediate = 1.3.6.1.5.5.8.2.2 nameDistinguisher = 0.2.262.1.10.7.20 id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13 id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14 [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = xca_dn x509_extensions = xca_extensions req_extensions = xca_extensions string_mask = MASK:0x2002 utf8 = yes prompt = no [ xca_dn ] 0.O=CAcert.org - Community Certification Authority 1.OU=CAcert Object Certification CA 2.CN=CAcert Root [ xca_extensions ] nsCaPolicyUrl=http://www.cacert.org/cp/object nsCaRevocationUrl=http://crl.cacert.org/v2014/innovation.crl nsRevocationUrl=http://crl.cacert.org/v2014/object.crl nsCertType=objCA crlDistributionPoints=crlDistributionPoint0_sect keyUsage=critical,keyCertSign, cRLSign authorityKeyIdentifier=keyid, issuer subjectKeyIdentifier=hash basicConstraints=critical,CA:TRUE [crlDistributionPoint0_sect] fullname=URI:http://crl.cacert.org/v2014/object.crl }}} === CAcert_Entity.conf === {{{ oid_section = xca_oids [ xca_oids ] dom = 1.3.6.1.4.1.311.20.2 MsCaV = 1.3.6.1.4.1.311.21.1 msEFSFR = 1.3.6.1.4.1.311.10.3.4.1 iKEIntermediate = 1.3.6.1.5.5.8.2.2 nameDistinguisher = 0.2.262.1.10.7.20 id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13 id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14 [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = xca_dn x509_extensions = xca_extensions req_extensions = xca_extensions string_mask = MASK:0x2002 utf8 = yes prompt = no [ xca_dn ] 0.O=CAcert.org - Community Certification Authority 1.OU=CAcert Entity Certification CA 2.CN=CAcert Root [ xca_extensions ] nsCaPolicyUrl=http://www.cacert.org/cp/entity nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl nsRevocationUrl=http://crl.cacert.org/v2014/entity.crl nsCertType=sslCA, emailCA, objCA crlDistributionPoints=crlDistributionPoint0_sect keyUsage=critical,keyCertSign, cRLSign authorityKeyIdentifier=keyid, issuer subjectKeyIdentifier=hash basicConstraints=critical,CA:TRUE [crlDistributionPoint0_sect] fullname=URI:http://crl.cacert.org/v2014/entity.crl }}} === CAcert_Basic.conf === {{{ oid_section = xca_oids [ xca_oids ] dom = 1.3.6.1.4.1.311.20.2 MsCaV = 1.3.6.1.4.1.311.21.1 msEFSFR = 1.3.6.1.4.1.311.10.3.4.1 iKEIntermediate = 1.3.6.1.5.5.8.2.2 nameDistinguisher = 0.2.262.1.10.7.20 id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13 id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14 [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = xca_dn x509_extensions = xca_extensions req_extensions = xca_extensions string_mask = MASK:0x2002 utf8 = yes prompt = no [ xca_dn ] 0.O=CAcert.org - Community Certification Authority 1.OU=CAcert Baseline Certification CA 2.CN=CAcert Root [ xca_extensions ] nsCaPolicyUrl=http://www.cacert.org/cp/basic nsCaRevocationUrl=http://crl.cacert.org/v2014/root.crl nsRevocationUrl=http://crl.cacert.org/v2014/basic.crl nsCertType=sslCA, emailCA, objCA crlDistributionPoints=crlDistributionPoint0_sect keyUsage=critical,keyCertSign, cRLSign authorityKeyIdentifier=keyid, issuer subjectKeyIdentifier=hash basicConstraints=critical,CA:TRUE [crlDistributionPoint0_sect] fullname=URI:http://crl.cacert.org/v2014/basic.crl }}} ---- [[CategoryNRE]]