source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/openssl.conf @ 3139

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/openssl.conf@3652
Revision 3139, 2.6 KB checked in by pjkersha, 12 years ago (diff)

Working SessionMgr? unit tests with multiple CA support for WS-Security dsig verification and AC verification.

python/ndg.security.test/ndg/security/test/sessionMgr/init.py,
python/ndg.security.test/ndg/security/test/sessionMgr/openssl.conf,
python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg,
python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml: files added for SM unit test

python/ndg.security.test/ndg/security/test/sessionMgr/test.py: renamed refs to proxy certs -> user certs.

python/ndg.security.common/ndg/security/common/CredWallet.py: fix to AttAuthorityClient? instantiation for sslCACertFilePathList setting

Line 
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE                = $ENV::HOME/.rnd
7
8####################################################################
9[ ca ]
10default_ca      = CA_default            # The default ca section
11
12####################################################################
13[ CA_default ]
14
15dir             = ./demoCA              # Where everything is kept
16certs           = $dir/certs            # Where the issued certs are kept
17crl_dir         = $dir/crl              # Where the issued crl are kept
18database        = $dir/index.txt        # database index file.
19new_certs_dir   = $dir/newcerts         # default place for new certs.
20
21certificate     = $dir/cacert.pem       # The CA certificate
22serial          = $dir/serial           # The current serial number
23crl             = $dir/crl.pem          # The current CRL
24private_key     = $dir/private/cakey.pem# The private key
25RANDFILE        = $dir/private/.rand    # private random number file
26
27x509_extensions = x509v3_extensions     # The extentions to add to the cert
28default_days    = 365                   # how long to certify for
29default_crl_days= 365 # DEE 30  # how long before next CRL
30default_md      = md5                   # which md to use.
31preserve        = no                    # keep passed DN ordering
32
33# A few difference way of specifying how similar the request should look
34# For type CA, the listed attributes must be the same, and the optional
35# and supplied fields are just that :-)
36policy          = policy_match
37
38# For the CA policy
39[ policy_match ]
40countryName             = optional
41stateOrProvinceName     = optional
42organizationName        = match
43organizationalUnitName  = optional
44commonName              = supplied
45emailAddress            = optional
46
47# For the 'anything' policy
48# At this point in time, you must list all acceptable 'object'
49# types.
50[ policy_anything ]
51countryName             = optional
52stateOrProvinceName     = optional
53localityName            = optional
54organizationName        = optional
55organizationalUnitName  = optional
56commonName              = supplied
57emailAddress            = optional
58
59####################################################################
60[ req ]
61default_bits            = 1024
62default_keyfile         = privkey.pem
63distinguished_name      = req_distinguished_name
64req_extensions          = v3_req
65
66[ req_distinguished_name ]
67# BEGIN CONFIG
680.organizationName               = Level 0 Organization
690.organizationName_default       = NDG
700.organizationalUnitName          = Level 0 Organizational Unit
710.organizationalUnitName_default = Raphael
72#1.organizationalUnitName          = Level 1 Organizational Unit
73#1.organizationalUnitName_default = localdomain
74commonName                      = Name (e.g., John M. Smith)
75commonName_max                  = 64
76# END CONFIG
77
78[ v3_req ]
79nsCertType                      = objsign,email,server,client
80basicConstraints                = critical,CA:false
Note: See TracBrowser for help on using the repository browser.