[req] x509_extensions = v3_ca distinguished_name = req_dn [req_dn] countryName = NL organizationalUnitName = PolarSSL commonName = PolarSSL Test CA [v3_ca] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true [no_subj_auth_id] subjectKeyIdentifier=none authorityKeyIdentifier=none basicConstraints = CA:true [othername_san] subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name [nonprintable_othername_san] subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name [unsupported_othername_san] subjectAltName=otherName:1.2.3.4;UTF8:some other identifier [dns_alt_names] subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org [rfc822name_names] subjectAltName=email:my@other.address,email:second@other.address [alt_names] DNS.1=example.com otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name DNS.2=example.net DNS.3=*.example.org [multiple_san] subjectAltName=@alt_names [ext_multi_nocn] basicConstraints = CA:false keyUsage = digitalSignature, nonRepudiation, keyEncipherment subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144 [hw_module_name] hwtype = OID:1.3.6.1.4.1.17.3 hwserial = OCT:123456 [nonprintable_hw_module_name] hwtype = OID:1.3.6.1.4.1.17.3 hwserial = FORMAT:HEX, OCT:3132338081008180333231 [v3_any_policy_ca] basicConstraints = CA:true certificatePolicies = 2.5.29.32.0 [v3_any_policy_qualifier_ca] basicConstraints = CA:true certificatePolicies = @policy_info [v3_multi_policy_ca] basicConstraints = CA:true certificatePolicies = 1.2.3.4,2.5.29.32.0 [v3_unsupported_policy_ca] basicConstraints = CA:true certificatePolicies = 1.2.3.4 [policy_info] policyIdentifier = 2.5.29.32.0 CPS.1 ="CPS uri string" [fan_cert] extendedKeyUsage = 1.3.6.1.4.1.45605.1 [noext_ca] basicConstraints = CA:true [test_ca] database = /dev/null [crl_ext_idp] issuingDistributionPoint=critical, @idpdata [crl_ext_idp_nc] issuingDistributionPoint=@idpdata [idpdata] fullname=URI:http://pki.example.com/ # these IPs are the ascii values for 'abcd' and 'abcd.example.com' [tricky_ip_san] subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d [csr_ext_v3_keyUsage] keyUsage = digitalSignature, keyEncipherment [csr_ext_v3_subjectAltName] subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org [csr_ext_v3_nsCertType] nsCertType=server [csr_ext_v3_all] keyUsage = cRLSign subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name nsCertType=client [directory_name_san] subjectAltName=dirName:dirname_sect [two_directorynames] subjectAltName=dirName:dirname_sect, dirName:dirname_to_malform [dirname_sect] C=UK O=Mbed TLS CN=Mbed TLS directoryName SAN [dirname_to_malform] O=MALFORM_ME