# # openssl configuration file for OCSP certificates # # Extensions to add to a certificate request (intermediate1-ca) [ v3_req1 ] basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always keyUsage = nonRepudiation, digitalSignature, keyEncipherment authorityInfoAccess = OCSP;URI:http://127.0.0.1:22221 # Extensions to add to a certificate request (intermediate2-ca) [ v3_req2 ] basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always keyUsage = nonRepudiation, digitalSignature, keyEncipherment authorityInfoAccess = OCSP;URI:http://127.0.0.1:22222 # Extensions to add to a certificate request (intermediate3-ca) [ v3_req3 ] basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always keyUsage = nonRepudiation, digitalSignature, keyEncipherment authorityInfoAccess = OCSP;URI:http://127.0.0.1:22223 # Extensions for a typical CA [ v3_ca ] basicConstraints = CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always keyUsage = keyCertSign, cRLSign authorityInfoAccess = OCSP;URI:http://127.0.0.1:22220 # OCSP extensions. [ v3_ocsp ] basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always extendedKeyUsage = OCSPSigning