summaryrefslogtreecommitdiffstats
path: root/confskel/openssl/pki_extensions
diff options
context:
space:
mode:
Diffstat (limited to 'confskel/openssl/pki_extensions')
-rw-r--r--confskel/openssl/pki_extensions61
1 files changed, 0 insertions, 61 deletions
diff --git a/confskel/openssl/pki_extensions b/confskel/openssl/pki_extensions
deleted file mode 100644
index d841890..0000000
--- a/confskel/openssl/pki_extensions
+++ /dev/null
@@ -1,61 +0,0 @@
-[ kdc_cert ]
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
-
-#Pkinit EKU
-extendedKeyUsage = 1.3.6.1.5.2.3.5
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# Copy subject details
-
-issuerAltName=issuer:copy
-
-# Add id-pkinit-san (pkinit subjectAlternativeName)
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
-
-[kdc_princ_name]
-realm = EXP:0, GeneralString:@@@REALM_UCNAME@@@
-principal_name = EXP:1, SEQUENCE:kdc_principal_seq
-
-[kdc_principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:kdc_principals
-
-[kdc_principals]
-princ1 = GeneralString:krbtgt
-princ2 = GeneralString:@@@REALM_UCNAME@@@
-
-[ client_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-basicConstraints=CA:FALSE
-
-keyUsage = digitalSignature, keyEncipherment, keyAgreement
-
-extendedKeyUsage = 1.3.6.1.5.2.3.4
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
-
-
-# Copy subject details
-
-issuerAltName=issuer:copy
-
-[princ_name]
-realm = EXP:0, GeneralString:@@@REALM_UCNAME@@@
-principal_name = EXP:1, SEQUENCE:principal_seq
-
-[principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:principals
-
-[principals]
-princ1 = GeneralString:@@@KDCSERVER@@@
generated by cgit v1.2.1 (git 2.18.0) at 2025-03-08 13:40:31 +0000