Imported Upstream version 3.10.2+dfsg

certs/ocsp/openssl.cnf

@@ -0,0 +1,42 @@
+#
+# openssl configuration file for OCSP certificates
+#
+
+# Extensions to add to a certificate request (intermediate1-ca)
+[ v3_req1 ]
+basicConstraints       = CA:false
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22221
+
+# Extensions to add to a certificate request (intermediate2-ca)
+[ v3_req2 ]
+basicConstraints       = CA:false
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22222
+
+# Extensions to add to a certificate request (intermediate3-ca)
+[ v3_req3 ]
+basicConstraints       = CA:false
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22223
+
+# Extensions for a typical CA
+[ v3_ca ]
+basicConstraints       = CA:true
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage               = keyCertSign, cRLSign
+authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22220
+
+# OCSP extensions.
+[ v3_ocsp ]
+basicConstraints       = CA:false
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+extendedKeyUsage       = OCSPSigning