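# OpenSSL-style configuration (uses $variable expansion and @section references)
# holding options for CMP client test runs against the servers defined below.
# NOTE(review): this is a test fixture. It embeds literal pass phrases
# (pass:test, pass:12345) and relaxes certificate time checking, so none of the
# credential or verification settings here are suitable as a deployment template.

[default]
batch = 1 # do not use stdin
total_timeout = 8 # prevent, e.g., infinite polling due to error
trusted = trusted.crt
newkey = new.key
newkeypass =
cmd = ir
out_trusted = root.crt
#certout = test.cert.pem
policies = certificatePolicies
#policy_oids = 1.2.3.4
#policy_oids_critical = 1
#verbosity = 7

############################# server configurations

[Mock] # the built-in OpenSSL CMP mock server
# Validity-period checking of certificates is switched off for this server.
# NOTE(review): presumably so the static test certificates keep verifying after
# they expire; with this set, an expired or not-yet-valid certificate is accepted.
no_check_time = 1
# Loopback address only: the mock server is not reachable from other hosts.
server_host = 127.0.0.1 # localhost
# server_port = 0 means that the port is determined by the server
server_port = 0
server_tls = $server_port
server_cert = server.crt
server = $server_host:$server_port
server_path = pkix/
path = $server_path
ca_dn = /O=openssl_cmp
recipient = $ca_dn
server_dn = /O=openssl_cmp
# Responses are only accepted from a sender whose DN matches $server_dn.
expect_sender = $server_dn
subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
newkey = signer.key
out_trusted = signer_root.crt
# NOTE(review): kur_port, pbm_port, column and sleep do not look like CMP client
# options; presumably they are read by the test harness - confirm against it.
kur_port = $server_port
pbm_port = $server_port
pbm_ref =
# The "pass:" source puts the secret itself in this file in clear text.
# Fixed, low-entropy test value for password-based MAC protection.
pbm_secret = pass:test
cert = signer.crt
key = signer.p12
# Clear-text pass phrase for signer.p12; test key material only.
keypass = pass:12345
# 0 keeps the key usage check on CMP signer certificates enabled.
ignore_keyusage = 0
column = 0
sleep = 0

############################# aspects

# NOTE(review): the sections below mostly assign empty values; going by the
# "reset ... to default" comment in [connection], each one appears to clear the
# options of one aspect so that a test starts from defaults - confirm with the
# harness that selects these sections.

[connection]
msg_timeout = 5
total_timeout =
# reset any TLS options to default:
tls_used =
tls_cert =
tls_key =
tls_keypass =
tls_trusted =
tls_host =

[tls]
server =
tls_used =
tls_cert =
tls_key =
tls_keypass =
tls_trusted =
tls_host =

[credentials]
# Every client credential and protection option is emptied here, including the
# switch for sending requests without CMP-level protection.
ref =
secret =
cert =
key =
keypass =
extracerts =
digest =
unprotected_requests =

[verification]
# Trust anchors and the pinned server certificate are emptied here;
# expect_sender and unprotected_errors are left commented out, i.e. untouched.
#expect_sender =
srvcert =
trusted =
untrusted =
#unprotected_errors =
extracertsout =

[commands]
cmd =
certout =
cacertsout =
infotype =
oldcert =
revreason =
geninfo =

[enrollment]
cmd =
newkey =
newkeypass =
#subject =
issuer =
days =
reqexts =
sans =
san_nodefault = 0
#popo =
# Both left at 0: implicit confirmation is not requested and certificate
# confirmation is not disabled.
implicit_confirm = 0
disable_confirm = 0
certout =
out_trusted =
oldcert =
csr =

############################# extra cert template contents

[certificatePolicies]
certificatePolicies = "critical, @pkiPolicy"

[pkiPolicy]
policyIdentifier = 1.2.3.4

[reqexts]
# Requested certificate is an end-entity certificate (CA:FALSE) limited to
# digitalSignature and clientAuth; the wider alternatives stay commented out.
basicConstraints = CA:FALSE
#basicConstraints = critical, CA:TRUE
keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation
extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning
#crlDistributionPoints = URI:http:
#authorityInfoAccess = URI:http:
subjectAltName = @alt_names

[alt_names]
DNS.0 = localhost
IP.0 = 127.0.0.1
IP.1 = 192.168.1.1
URI.0 = http://192.168.0.2

[reqexts_invalidkey]
subjectAltName = @alt_names_3

[alt_names_3]
# The xn-- names are punycode-encoded internationalized DNS labels.
DNS.0 = localhost
DNS.1 = xn--rksmrgs-5wao1o.example.com
DNS.2 = xn--rkmacka-5wa.example.com
# NOTE(review): "DNS__3" does not follow the DNS.<n> form used above; given the
# section name reqexts_invalidkey this looks like a deliberately malformed key
# for a negative test, so it is kept exactly as written.
DNS__3 = xn--rksallad-0za.example.com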