[Version] Signature= "$Windows NT$" ; =========================================================== ; Request Attributes ; top level section ; =========================================================== [RequestAttributes] AttributeName1 = AttributeValue1 AttributeName2 = AttributeValue2 ; =========================================================== ; NameConstraintsExcluded Name Constraints Extension ; szOID_NAME_CONSTRAINTS 2.5.29.30 ; top level section ; =========================================================== [NameConstraintsExtension] Include = NameConstraintsPermitted Exclude = NameConstraintsExcluded Critical = TrUe [NameConstraintsPermitted] ; list of user defined permitted DNS names ; the numeric second and third arguments are optional ; when present, the second argument is the minimum depth ; when present, the third argument is the maximum depth DNS = foo@domain.com DNS = domain1.domain.com, 3, 6 [NameConstraintsExcluded] ; list of user defined excluded DNS names DNS = domain.com ; =========================================================== ; Policy (CPS) Extension ; szOID_CERT_POLICIES 2.5.29.32 ; top level section ; =========================================================== [PolicyStatementExtension] ; list of user defined policies Policies = LegalPolicy, LimitedUsePolicy, ExtraPolicy, OIDPolicy CRITICAL = FALSE [LegalPolicy] ; each policy has one OID, and zero or more Notice and URL keys OID = 1.3.6.1.4.1.311.21.43 Notice = "Legal policy statement text" [LimitedUsePolicy] OID = 1.3.6.1.4.1.311.21.47 URL = "http://http.site.com/some where/default.asp" URL = "ftp://ftp.site.com/some where else/default.asp" Notice = "Limited use policy statement text." URL = "ldap://ldap.site.com/some where else again/default.asp" [ExtraPolicy] OID = 1.3.6.1.4.1.311.21.53 URL = http://extra.site.com/Extra Policy/default.asp [oidpolicy] OID = 1.3.6.1.4.1.311.21.55 ; =========================================================== ; Policy Mapping Extension ; szOID_POLICY_MAPPINGS 2.5.29.33 ; top level section ; =========================================================== [PolicyMappingsExtension] ; list of user defined policy mappings ; first OID is Issuer Domain Policy OID, second is Subject Domain Policy OID ; each entry maps one foreign policy OID to local 1.3.6.1.4.1.311.21.53 = 1.2.3.4.87 1.3.6.1.4.1.311.21.54 = 1.2.3.4.89 critical = -98 ; =========================================================== ; Policy Constraints Extension ; szOID_POLICY_CONSTRAINTS 2.5.29.36 ; top level section ; =========================================================== [PolicyConstraintsExtension] ; consists of two optional DWORDs ; They refer to the depth of the CA hierarchy that requires explicit policy ; and inhibits Policy Mapping RequireExplicitPolicy = 3 InhibitPolicyMapping = 5 ; =========================================================== ; Application Policy (CPS) Extension ; szOID_APPLICATION_CERT_POLICIES 1.3.6.1.4.1.311.21.10 ; top level section ; =========================================================== [ApplicationPolicyStatementExtension] ; list of user defined policies Policies = AppLegalPolicy, AppLimitedUsePolicy, AppExtraPolicy, AppOIDPolicy CRITICAL = FALSE [AppLegalPolicy] ; each policy has one OID, and zero or more Notice and URL keys OID = 1.3.6.1.4.1.311.21.54 Notice = "Application Legal policy statement text" [AppLimitedUsePolicy] OID = 1.3.6.1.4.1.311.21.58 URL = "http://http.site.com/application some where/default.asp" URL = "ftp://ftp.site.com/application some where else/default.asp" Notice = "Application Limited use policy statement text." URL = "ldap://ldap.site.com/application some where else again/default.asp" [AppExtraPolicy] OID = 1.3.6.1.4.1.311.21.64 URL = http://extra.site.com/Application Extra Policy/default.asp [Appoidpolicy] OID = 1.3.6.1.4.1.311.21.66 ; =========================================================== ; Application Policy Mapping Extension ; szOID_APPLICATION_POLICY_MAPPINGS 1.3.6.1.4.1.311.21.11 ; top level section ; =========================================================== [ApplicationPolicyMappingsExtension] ; list of user defined application policy mappings ; first OID is Issuer Domain Policy OID, second is Subject Domain Policy OID ; each entry maps one foreign policy OID to local 1.3.6.1.4.1.311.21.64 = 1.2.3.4.98 1.3.6.1.4.1.311.21.65 = 1.2.3.4.100 critical = 2 ; =========================================================== ; Application Policy Constraints Extension ; szOID_APPLICATION_POLICY_CONSTRAINTS 1.3.6.1.4.1.311.21.12 ; top level section ; =========================================================== [ApplicationPolicyConstraintsExtension] ; consists of two optional DWORDs ; They refer to the depth of the CA hierarchy that requires explicit policy ; and inhibits Policy Mapping RequireExplicitPolicy = 6 InhibitPolicyMapping = 10 ; =========================================================== ; Basic Constraints Extension ; szOID_BASIC_CONSTRAINTS2 2.5.29.19 ; top level section ; =========================================================== [BasicConstraintsExtension] ; Subject Type is not supported always set to CA ; maximum subordinate CA path length PathLength = 3 [EnhancedKeyUsageExtension] OID = 1.3.6.1.4.1.311.10.3.11 ; szOID_KP_KEY_RECOVERY OID = 1.3.6.1.4.1.311.10.3.9 ; szOID_ROOT_LIST_SIGNER OID = 1.3.6.1.4.1.311.10.3.1 ; szOID_KP_CTL_USAGE_SIGNING CriticAL = trUe [CRLValidity] CRLPeriod = Days CRLCount = 3 DeltaPeriod = Hours DeltaCount = 6