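# OpenSSL-style configuration ('#' comments, [sections], $name expansion)
# holding CMP client options for runs against the built-in OpenSSL CMP mock
# server (see [Mock]).
# Layout restored to one directive per line: in the collapsed form the listing
# line numbers were fused into the section and key names, so nothing parsed.
# NOTE(review): this is test-fixture material. The fixed secrets and loopback
# addresses below are only appropriate for a local test run.

[default]
batch = 1 # do not use stdin
total_timeout = 8 # prevent, e.g., infinite polling due to error
# trust anchor(s) for validating protection of received CMP messages
trusted = trusted.crt
newkey = new.key
# empty: no pass phrase source for new.key
# (presumably an unencrypted test key; confirm)
newkeypass =
cmd = ir
# trust anchor(s) for validating the newly enrolled certificate
out_trusted = root.crt
#certout = test.cert.pem
policies = certificatePolicies
#policy_oids = 1.2.3.4
#policy_oids_critical = 1
#verbosity = 7

############################# server configurations

[Mock] # the built-in OpenSSL CMP mock server
# no_check_time = 1
server_host = 127.0.0.1 # localhost
# server_port = 0 means that the port is determined by the server
server_port = 0
# server_tls, kur_port, pbm_port and pbm_ref are not referenced elsewhere in
# this file; presumably they are read by the test harness; confirm.
server_tls = $server_port
server_cert = server.crt
server = $server_host:$server_port
server_path = pkix/
path = $server_path
ca_dn = /CN=Root CA
recipient = $ca_dn
server_dn = /CN=server.example
# Pins the sender DN accepted in responses, so that not every certificate
# chaining to a trusted root is accepted as the server's signer.
expect_sender = $server_dn
subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
newkey = signer.key
out_trusted = signer_root.crt
kur_port = $server_port
pbm_port = $server_port
pbm_ref =
# Fixed shared secret for password-based MAC protection; test value only.
pbm_secret = pass:test
cert = signer.crt
key = signer.p12
# Inline pass phrase for signer.p12; test value only. Outside a test setup,
# keep pass phrases out of the config, e.g. a file: source with restrictive
# permissions.
keypass = pass:12345
# 0: key usage restrictions of CMP signer certificates stay enforced
ignore_keyusage = 0
# column and sleep do not look like CMP client options; presumably harness
# controls; confirm.
column = 0
sleep = 0

############################# aspects
# The sections below mostly assign empty values (the [connection] comment
# describes this as resetting options to their defaults), so a test can start
# from a known baseline.

[connection]
msg_timeout = 5
# empty here, whereas [default] sets 8
total_timeout =
# reset any TLS options to default:
tls_used =
tls_cert =
tls_key =
tls_keypass =
tls_trusted =
tls_host =

[tls]
server =
tls_used =
tls_cert =
tls_key =
tls_keypass =
tls_trusted =
tls_host =

[credentials]
ref =
secret =
cert =
key =
keypass =
extracerts =
digest =
# left empty: requests are not sent without CMP-level protection by default
unprotected_requests =

[verification]
#expect_sender =
srvcert =
trusted =
untrusted =
# stays commented out: acceptance of unprotected error responses is not enabled
#unprotected_errors =
extracertsout =

[commands]
cmd =
cacertsout =
infotype =
oldcert =
revreason =
geninfo =

[enrollment]
cmd =
newkey =
newkeypass =
#subject =
issuer =
days =
reqexts =
sans =
san_nodefault = 0
#popo =
# both 0: certificate confirmation is neither implicit nor suppressed
implicit_confirm = 0
disable_confirm = 0
certout =
out_trusted =
oldcert =
csr =

############################# extra cert template contents

[certificatePolicies]
certificatePolicies = "critical, @pkiPolicy"

[pkiPolicy]
policyIdentifier = 1.2.3.4

# Requested extensions: non-CA certificate restricted to digitalSignature and
# clientAuth; the trailing comments list usages that are not requested.
[reqexts]
basicConstraints = CA:FALSE
#basicConstraints = critical, CA:TRUE
keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation
extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning
#crlDistributionPoints = URI:http:
#authorityInfoAccess = URI:http:
subjectAltName = @alt_names

[alt_names]
DNS.0 = localhost
IP.0 = 127.0.0.1
IP.1 = 192.168.1.1
URI.0 = http://192.168.0.2

[reqexts_invalidkey]
subjectAltName = @alt_names_3

[alt_names_3]
DNS.0 = localhost
DNS.1 = xn--rksmrgs-5wao1o.example.com
DNS.2 = xn--rkmacka-5wa.example.com
# NOTE(review): "DNS__3" does not follow the DNS.<n> pattern; given the section
# name reqexts_invalidkey it looks like a deliberate malformed key for a
# negative test, so do not "fix" it without checking the tests.
DNS__3 = xn--rksallad-0za.example.com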