diff --git a/automation/certificates/internal/manios.ca/repo.manios.ca/issue.cnf b/automation/certificates/internal/manios.ca/repo.manios.ca/issue.cnf
new file mode 100644
index 0000000..5fde74e
--- /dev/null
+++ b/automation/certificates/internal/manios.ca/repo.manios.ca/issue.cnf
@@ -0,0 +1,220 @@
+#
+# sscep.conf -- configuration file for SSCEP
+#
+# All configuration options are key-value pairs, grouped into sections:
+#
+# [section]
+# Key = Value
+#
+# Quotation marks are optional - they are needed only if the value contains
+# space characters (space or tab). Quotation marks inside the value string
+# must be escaped using a backslash:
+#
+# Key = "Value \"containing quotation marks\""
+#
+# Comment lines (lines starting with '#') and empty lines are discarded.
+#
+
+# sscep is the default section. Do not alter its name
+[sscep]
+
+# Reference to an engine definition section (see below)
+# Uncomment to use the defined engine instead of the filesystem.
+# engine = sscep_engine
+
+# SCEP server URL
+#URL = http://localhost/scep
+URL = http://pki.secmayl.com/scep
+
+# Use proxy server at host:port
+#Proxy = localhost:8080
+
+# CA certificate file (write if OPERATION is getca)
+#CACertFile = ca.crt
+CACertFile = ca.pem
+
+# PKCS#7 encryption algorithm (des|3des|blowfish|aes[128]|aes192|aes256)
+#EncAlgorithm = 3des
+EncAlgorithm = aes256
+
+# PKCS#7 signature algorithm (md5|sha1|sha224|sha256|sha384|sha512)
+# SigAlgorithm = sha1
+SigAlgorithm = sha256
+
+# Note: this could be very misleading, the SCEP standard provides no
+# mechanism to "negotiate" the algorithm - even if you send 3des, reply
+# might be des.
+
+# Verbose operation (true|false)
+Verbose = false
+
+# Debug (even more verbose operation)
+Debug = false
+
+
+[sscep_engine]
+# Engine definition. It can have any name, as long as the name is referenced
+# by the "engine" option in the [sscep] section.
+# The parameter engine_id is mandatory.
+
+# Engine ID. The engine will use the OpenSSL's engine interface.
+# Supported engines are:
+# - Any installed OpenSSL engine (e.g. tpm2tss)
+# - capi (Microsoft CryptoAPI)
+# - dynamic (loaded via dynamic_path)
+# engine_id = capi
+
+# If the engine needs to be loaded dynamically, specify the path to the SO file here.
+# It is possible to provide paths relative to the sscep binary
+# Note: On Windows use double slashes, see example
+# Note: You HAVE to specify this unless you *know* it will be found otherwise. On
+# Windows this can lead to problems since OpenSSL is often compiled with a Unix-
+# Search-Path. In this case this can't be omitted at all.
+# dynamic_path = ..\\capi\\capi.dll
+
+# Some Engines require an additional module (take PKCS#11 interface for example)
+# For these engines you can specify an additional module path here
+# Note: On Windows use double slashes, see "dynamic_path" option
+# MODULE_PATH =
+
+# Special Options for engines are defined in their corresponding
+# sections, always named [sscep_engine_*] where * is the defined
+# engine id. You can see currently supported special options in
+# each of these sections. If a section does not exist, it does
+# not mean the engine is not supported, there are just no special
+# options avaiable for it.
+
+
+[sscep_engine_capi]
+# This section defines CryptoAPI specific settings
+# Only if the [engine]-section's engine_id is set to capi, this will be loaded,
+# otherwise it will be ignored.
+
+# Specific CryptoAPI option: Set this option to whatever
+# location your newly generated key will reside in.
+# In case of certreq creating your key, it will be in REQUEST.
+new_key_location = REQUEST
+
+# Which store should be used for all operations.
+# The basic layout is storelocation\storename, e.g.
+# LOCAL_MACHINE\MY and LOCAL_MACHINE\REQUEST
+# The following options are accepted here:
+# CURRENT_USER - default option, user store
+# LOCAL_MACHINE - system store
+storelocation = LOCAL_MACHINE
+
+
+[sscep_engine_jksengine]
+# This section defines JKSEngine specific settings
+# Only if engine_id is set to "JKSEngine" this will be loaded, otherwise ignored.
+
+# Password of Java KeyStore (Default: 123456)
+# See JKSEngine for further documentation
+# KeyStorePass =
+
+# Path of Java tool (Path to ConnJKSEngine)
+# JavaConnectorPath =
+
+# Java Cryptography Provider of used Keystore
+# KeyStoreProvider =
+
+# Path of Java Runtime Environment
+# This is normally not necessary
+# JavaPath =
+
+
+[sscep_getca]
+# Options for retrieving CA Certificates (operation getca)
+
+# CA certificate file (write if OPERATION is getca)
+#CACertFile = ca.crt
+CACertFile = ca.pem
+
+# CA identifier string, required by some CA
+#CAIdentifier = "CA Identifier"
+
+# Fingerprint algorithm (md5|sha1|sha224|sha256|sha384|sha512)
+#FingerPrint = md5
+FingerPrint = sha1
+
+
+[sscep_enroll]
+# Operation for Certificate Enrollment (see SCEP documentation for details)
+
+# CA certificate file
+#CACertFile = ca.crt
+CACertFile = ca.pem
+
+# Private key file
+#PrivateKeyFile = local.key
+PrivateKeyFile = key.pem
+
+# Certificate request file
+#CertReqFile = local.csr
+CertReqFile = csr.pem
+
+# Signature private key file, use with SignCertFile
+#SignKeyFile = previous.key
+#SignKeyFile = prev/key.pem
+
+# Signature certificate (used instead of self-signed)
+#SignCertFile = previous.crt
+#SignCertFile = prev/crt.pem
+
+# Write enrolled certificate in file
+#LocalCertFile = local.crt
+LocalCertFile = crt.pem
+
+# Use different CA cert for encryption
+#EncCertFile = enc.crt
+
+# Write selfsigned certificate in file
+#SelfSignedFile = selfsigned.crt
+
+# Polling interval for pending certificate (seconds)
+#PollInterval = 60
+
+# Maximum polling time (seconds)
+#MaxPollTime = 28800
+
+# Max number of GetCertInitial requests
+#MaxPollCount = 256
+
+# Resume interrupted enrollment (true|false)
+#Resume =
+#Resume = true
+
+
+[sscep_getcert]
+# Private key file
+#PrivateKeyFile = local.key
+PrivateKeyFile = key.pem
+
+# Local certificate file
+#LocalCertFile = local.crt
+LocalCertFile = crt.pem
+
+# Certificate serial number (decimal)
+#GetCertSerial = 1
+
+# Write certificate in file
+#GetCertFile = cert.crt
+GetCertFile = crt.pem
+
+
+[sscep_getcrl]
+# Private key file
+#PrivateKeyFile = local.key
+PrivateKeyFile = key.pem
+
+# Local certificate file
+#LocalCertFile = local.crt
+LocalCertFile = crt.pem
+
+# Write CRL in file
+#GetCrlFile = crl.crl
+GetCrlFile = crl.pem
+
+
+[sscep_getnextca]
+#NYI
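Review bot: `FingerPrint = sha1` in `[sscep_getca]` is the weakest setting in this file, because `ca.pem` is fetched from `URL = http://pki.secmayl.com/scep` over plain HTTP and the fingerprint the operator compares out of band is what authenticates it. The option's own comment lists sha256 as supported and `[sscep]` already sets `SigAlgorithm = sha256`, so I would change the line to `FingerPrint = sha256` and put a comment above it such as `# Compare with the CA fingerprint obtained out of band before enrolling`. Separately, `[sscep_getcert]` sets both `LocalCertFile` and `GetCertFile` to `crt.pem`, so a getcert run would presumably overwrite the certificate it authenticates with; please confirm that is intended or give the output its own file name. `PrivateKeyFile = key.pem` is a relative path, so a one-line comment stating the expected working directory and that the key must be readable by the enrolling account only would help whoever runs this.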