entities = tests_pki,tests_rep1,tests_rep2,tests_ra,tests_ca_root,tests_ca_smime,tests_ca_s_ssl
email=info@newpki.org

[tests_pki]
host=localhost
port=333
type=PKI
links=tests_rep1
savep12=tests.p12
# loadp12=tests.p12
smtp=smtp.newpki.org:25


[tests_rep1]
host=localhost
port=333
type=REPOSITORY
links=tests_rep2

[tests_rep2]
host=localhost
port=333
type=REPOSITORY

[tests_ra]
host=localhost
port=333
type=RA
rmlinks=tests_rep2
links=tests_ca_smime,tests_ca_s_ssl
threads=2
profiles=3

[tests_ca_root]
host=localhost
port=333
type=CA
rmlinks=tests_rep2
extensions=root_exts

[tests_ca_smime]
host=localhost
port=333
type=CA
rmlinks=tests_rep2
extensions=smime_exts
rootca=tests_ca_root

[tests_ca_s_ssl]
host=localhost
port=333
type=CA
rmlinks=tests_rep1
extensions=ssl_exts
rootca=tests_ca_root

[root_exts]
basicConstraints=critical, CA:TRUE
nsComment=NewPKI Generated CA Certificate
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
nsCertType=sslCA, emailCA, objCA
keyUsage=keyCertSign, cRLSign, digitalSignature, nonRepudiation, keyEncipherment

[smime_exts]
basicConstraints=CA:FALSE
nsComment=NewPKI SMIME User Certificate
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
nsCertType=email
keyUsage=digitalSignature
extendedKeyUsage=emailProtection

[ssl_exts]
basicConstraints=CA:FALSE
nsComment=NewPKI SSL Server Certificate
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
nsCertType=server
keyUsage=digitalSignature, nonRepudiation, keyEncipherment
extendedKeyUsage=serverAuth