#
# openssl configuration file for OCSP certificates
#

# Extensions to add to a certificate request (intermediate1-ca)
[ v3_req1 ]
basicConstraints       = CA:false
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22221

# Extensions to add to a certificate request (intermediate2-ca)
[ v3_req2 ]
basicConstraints       = CA:false
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22222

# Extensions to add to a certificate request (intermediate3-ca)
[ v3_req3 ]
basicConstraints       = CA:false
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22223

# Extensions for a typical CA
[ v3_ca ]
basicConstraints       = CA:true
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage               = keyCertSign, cRLSign
authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22220

# OCSP extensions.
[ v3_ocsp ]
basicConstraints       = CA:false
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
extendedKeyUsage       = OCSPSigning