CA的dn-param 和 extend
CI-csr.cnf 的内容如下:
#openssl x509 extfile params
extensions = extend
# This prevent the user to be prompted for values
prompt = no
distinguished_name = dn-param
[dn-param] # DN fields
CN = GSMA Test CI
OU = TESTCERT
O = RSPTEST
C = IT
# Extensions for the Test CI
[extend] # openssl extensions
subjectKeyIdentifier = hash
basicConstraints = critical, CA:true
certificatePolicies=critical,2.23.146.1.2.1.0
keyUsage =critical, keyCertSign, cRLSign
subjectAltName = RID:2.999.1
crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl
EUM-csr.cnf 内容如下:
# openssl EMU certificate request configuration file
[req]
prompt = no
distinguished_name = dn-name
[dn-name]
countryName = DE
organizationName = RSP Test EUM
commonName = EUM Test
EUM-ext.cnf内容如下:
# openssl EUM certificate creation configuration file
# 2017-01-31
authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
keyUsage=critical, keyCertSign
certificatePolicies=critical,2.23.146.1.2.1.2 #OID id-rspRole-eum
subjectAltName=RID:2.999.5
basicConstraints=critical,CA:TRUE, pathlen:0
crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-B.crl
nameConstraints=critical,DER:30:32:A0:30:30:2E:A4:2C:30:2A:31:15:30:13:06:03:55:04:0A:0C:0C:52:53:50:20:54:65:73:74:20:45:55:4D:31:11:30:0F:06:03:55:04:05:13:08:38:39:30:34:39:30:33:32
DSauth-csr.cnf:
#openssl x509 extfile params
extensions = extend
# This prevent the user to be prompted for values
prompt = no
distinguished_name = dn-param
[dn-param] # DN fields
O = ACME
CN = TEST SM-DP+
[extend] # openssl extensions
DSauth-ext.cnf:
# openssl x509 extfile params
extensions = extend
# This prevent the user to be prompted for values
prompt = no
[extend] # openssl extensions
authorityKeyIdentifier=keyid,issuer
subjectKeyIdentifier=hash
subjectAltName = RID:2.999.10
keyUsage =critical, digitalSignature
certificatePolicies=critical,2.23.146.1.2.1.4
crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl
CERT_S_SM_DP_TLS.csr.cnf:
[ req ]
prompt = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
O = myo
# shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
CN = xxx.xxx.com
CERT_S_SM_DP_TLS.ext.cnf
######################################################################################################################################################################
# Extensions for a DPTLS
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, serverAuth, clientAuth
certificatePolicies = 2.23.146.1.2.1.3
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# RID shall be aligend with SGP.23 value SM-DP+OID
# DNS name shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
subjectAltName = DNS:testsmdpplus1.gsma.com, RID:2.999.10
crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl
# openssl-eUICC.cnf
#
# use: openssl req -new -nodes -sha256 -config eUICC-csr.cnf -key euiccPrKey.pem -out eUICC.csr
#
[req]
prompt = no
distinguished_name = dn-name
[dn-name]
countryName = DE
organizationName = RSP Test EUM
serialNumber = 89049032123451234512345678901235
commonName = Test eUICC
#eUICC certificate creation configuration
#
# use openssl x509 -req -in eUICC.csr -CA ..\EUM-cert.pem -CAkey ..\eumPrivKey.pem -set_serial 0x020000000000000001 -days 2915731 -sha256 -extfile euicc-ext.cnf -out eUICC-cert.pem
#
authorityKeyIdentifier=keyid
subjectKeyIdentifier=hash
keyUsage = critical, digitalSignature
certificatePolicies=critical,2.23.146.1.2.1.1 #OID id-rspRole-e