commit the renew.cnf file
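--- a/renew.cnf
+++ b/renew.cnf
@@ -0,0 +1,220 @@
+#
+# sscep.conf -- configuration file for SSCEP
+#
+# All configuration options are key-value pairs, grouped into sections:
+#
+# [section]
+# Key = Value
+#
+# Quotation marks are optional - they are needed only if the value contains
+# space characters (space or tab). Quotation marks inside the value string
+# must be escaped using a backslash:
+#
+# Key = "Value \"containing quotation marks\""
+#
+# Comment lines (lines starting with '#') and empty lines are discarded.
+#
+
+# sscep is the default section. Do not alter its name
+[sscep]
+
+# Reference to an engine definition section (see below)
+# Uncomment to use the defined engine instead of the filesystem.
+# engine = sscep_engine
+
+# SCEP server URL
+#URL = http://localhost/scep
+URL = http://pki.secmayl.com/scep
+
+# Use proxy server at host:port
+#Proxy = localhost:8080
+
+# CA certificate file (write if OPERATION is getca)
+#CACertFile = ca.crt
+CACertFile = ca.pem
+
+# PKCS#7 encryption algorithm (des|3des|blowfish|aes[128]|aes192|aes256)
+#EncAlgorithm = 3des
+EncAlgorithm = aes256
+
+# PKCS#7 signature algorithm (md5|sha1|sha224|sha256|sha384|sha512)
+# SigAlgorithm = sha1
+SigAlgorithm = sha256
+
+# Note: this could be very misleading, the SCEP standard provides no
+# mechanism to "negotiate" the algorithm - even if you send 3des, reply
+# might be des.
+
+# Verbose operation (true|false)
+Verbose = false
+
+# Debug (even more verbose operation)
+Debug = false
+
+
+[sscep_engine]
+# Engine definition. It can have any name, as long as the name is referenced
+# by the "engine" option in the [sscep] section.
+# The parameter engine_id is mandatory.
+
+# Engine ID. The engine will use the OpenSSL's engine interface.
+# Supported engines are:
+# - Any installed OpenSSL engine (e.g. tpm2tss)
+# - capi (Microsoft CryptoAPI)
+# - dynamic (loaded via dynamic_path)
+# engine_id = capi
+
+# If the engine needs to be loaded dynamically, specify the path to the SO file here.
+# It is possible to provide paths relative to the sscep binary
+# Note: On Windows use double slashes, see example
+# Note: You HAVE to specify this unless you *know* it will be found otherwise. On
+# Windows this can lead to problems since OpenSSL is often compiled with a Unix-
+# Search-Path. In this case this can't be omitted at all.
+# dynamic_path = ..\\capi\\capi.dll
+
+# Some Engines require an additional module (take PKCS#11 interface for example)
+# For these engines you can specify an additional module path here
+# Note: On Windows use double slashes, see "dynamic_path" option
+# MODULE_PATH =
+
+# Special Options for engines are defined in their corresponding
+# sections, always named [sscep_engine_*] where * is the defined
+# engine id. You can see currently supported special options in
+# each of these sections. If a section does not exist, it does
+# not mean the engine is not supported, there are just no special
+# options avaiable for it.
+
+
+[sscep_engine_capi]
+# This section defines CryptoAPI specific settings
+# Only if the [engine]-section's engine_id is set to capi, this will be loaded,
+# otherwise it will be ignored.
+
+# Specific CryptoAPI option: Set this option to whatever
+# location your newly generated key will reside in.
+# In case of certreq creating your key, it will be in REQUEST.
+new_key_location = REQUEST
+
+# Which store should be used for all operations.
+# The basic layout is storelocation\storename, e.g.
+# LOCAL_MACHINE\MY and LOCAL_MACHINE\REQUEST
+# The following options are accepted here:
+# CURRENT_USER - default option, user store
+# LOCAL_MACHINE - system store
+storelocation = LOCAL_MACHINE
+
+
+[sscep_engine_jksengine]
+# This section defines JKSEngine specific settings
+# Only if engine_id is set to "JKSEngine" this will be loaded, otherwise ignored.
+
+# Password of Java KeyStore (Default: 123456)
+# See JKSEngine for further documentation
+# KeyStorePass =
+
+# Path of Java tool (Path to ConnJKSEngine)
+# JavaConnectorPath =
+
+# Java Cryptography Provider of used Keystore
+# KeyStoreProvider =
+
+# Path of Java Runtime Environment
+# This is normally not necessary
+# JavaPath =
+
+
+[sscep_getca]
+# Options for retrieving CA Certificates (operation getca)
+
+# CA certificate file (write if OPERATION is getca)
+#CACertFile = ca.crt
+CACertFile = ca.pem
+
+# CA identifier string, required by some CA
+#CAIdentifier = "CA Identifier"
+
+# Fingerprint algorithm (md5|sha1|sha224|sha256|sha384|sha512)
+#FingerPrint = md5
+FingerPrint = sha1
+
+
+[sscep_enroll]
+# Operation for Certificate Enrollment (see SCEP documentation for details)
+
+# CA certificate file
+#CACertFile = ca.crt
+CACertFile = ca.pem
+
+# Private key file
+#PrivateKeyFile = local.key
+PrivateKeyFile = key.pem
+
+# Certificate request file
+#CertReqFile = local.csr
+CertReqFile = csr.pem
+
+# Signature private key file, use with SignCertFile
+#SignKeyFile = previous.key
+SignKeyFile = prev/key.pem
+
+# Signature certificate (used instead of self-signed)
+#SignCertFile = previous.crt
+SignCertFile = prev/crt.pem
+
+# Write enrolled certificate in file
+#LocalCertFile = local.crt
+LocalCertFile = crt.pem
+
+# Use different CA cert for encryption
+#EncCertFile = enc.crt
+
+# Write selfsigned certificate in file
+#SelfSignedFile = selfsigned.crt
+
+# Polling interval for pending certificate (seconds)
+#PollInterval = 60
+
+# Maximum polling time (seconds)
+#MaxPollTime = 28800
+
+# Max number of GetCertInitial requests
+#MaxPollCount = 256
+
+# Resume interrupted enrollment (true|false)
+#Resume =
+#Resume = true
+
+
+[sscep_getcert]
+# Private key file
+#PrivateKeyFile = local.key
+PrivateKeyFile = key.pem
+
+# Local certificate file
+#LocalCertFile = local.crt
+LocalCertFile = crt.pem
+
+# Certificate serial number (decimal)
+#GetCertSerial = 1
+
+# Write certificate in file
+#GetCertFile = cert.crt
+GetCertFile = crt.pem
+
+
+[sscep_getcrl]
+# Private key file
+#PrivateKeyFile = local.key
+PrivateKeyFile = key.pem
+
+# Local certificate file
+#LocalCertFile = local.crt
+LocalCertFile = crt.pem
+
+# Write CRL in file
+#GetCrlFile = crl.crl
+GetCrlFile = crl.pem
+
+
+[sscep_getnextca]
+#NYI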
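Review bot: `FingerPrint = sha1` in `[sscep_getca]` keeps the CA-certificate fingerprint on SHA-1 even though this file moves `SigAlgorithm` to `sha256`, and the option's own comment lists `sha256` as accepted; I would set `FingerPrint = sha256`. This matters more here because `URL` is plain `http://`, so comparing that fingerprint against a value obtained out of band is presumably the only thing authenticating the `ca.pem` that getca writes. Separately, `PrivateKeyFile = key.pem` and `SignKeyFile = prev/key.pem` are relative paths, so the keys resolve against whatever the working directory is at run time. Since this config is being committed, a comment such as `# key files are kept outside the repository with owner-only permissions` (or absolute paths) would make the intended handling explicit.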