/etc/pyca/cacert_CodeSigning.cnf is in pyca 20031119-0.1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | extensions = extension_section
x509_extensions = extension_section
[ req ]
default_bits = 1024
distinguished_name = req_dn
encrypt_rsa_key = yes
[ req_dn ]
#1.domainComponent = DNS domain Component
#1.domainComponent_default = "com"
#2.domainComponent = DNS domain Component
#2.domainComponent_default = "localhost"
countryName = ISO country code
countryName_default = "XX"
stateOrProvinceName = State/Province Name
stateOrProvinceName_default = ""
localityName = Location
localityName_default = ""
organizationName = Organization
organizationName_default = "Looser Org."
organizationalUnitName = Organizational Unit Name
organizationalUnitName_default = "bad CA!"
commonName = Common Name
commonName_default = "CodeSigning TestCA"
commonName_max = 64
[extension_section]
# PKIX
basicConstraints=critical,CA:true
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
keyUsage = cRLSign, keyCertSign
subjectAltName = URI:"http://localhost/cgi-bin/pyca/get-cert.py/CodeSigning/ca.crt"
issuerAltName = issuer:copy
crlDistributionPoints = URI:"http://localhost/cgi-bin/pyca/get-cert.py/Root/crl.crl"
#certificatePolicies=ia5org,@polsect
# Netscape cert extensions
nsComment = "This CA issues code signing certificates."
nsCaPolicyUrl = "https://localhost/CodeSigning/policy.html"
nsCertType = objCA
nsCaRevocationUrl = "http://localhost/cgi-bin/pyca/get-cert.py/Root/crl.crl"
[ polsect ]
#policyIdentifier=1.2.3.4
#CPS="https://localhost/CodeSigning/policy.html"
#userNotice=@notice
[ notice ]
explicitText="This CA issues code signing certificates."
organization="Looser Org. with bad CA admin."
noticeNumbers=4, 2
|